
Compliance Isn't Going Away



And while you may be comfortable with SOX, HIPAA, OFCCP and GLBA, new compliance requirements are coming at you full speed ahead, including PCI DSS, e-discovery and FFIEC. Compliance with existing requirements, along with new mandates, is forcing companies to constantly define new compliance processes and update existing ones. Furthermore, policies and technologies have to be mapped to these new requirements in order to avoid steep PCI fines and the escalating costs associated with e-discovery.

So how do you keep up with all this alphabet soup? How do you know which policies will need to be modified and which technologies can help? How do you keep everyone trained on the latest compliance processes? What strategies do you implement? What frameworks are in place to help you through your compliance challenges? According to CIO-Midmarket, this challenge seems to be greatest for midsize companies, but most of us have to deal with these challenges in one form or another. It's enough to make my head spin!

Glossary
SOX – Sarbanes-Oxley Act
HIPAA – Health Insurance Portability and Accountability Act
OFCCP – Office of Federal Contract Compliance Programs
GLBA – Gramm-Leach-Bliley Act
PCI DSS – Payment Card Industry Data Security Standard
FFIEC – Federal Financial Institutions Examination Council

Comments

1 - No, compliance is not going away. Unfortunately what IS going away in many organizations are the RAD tools that make it easy to deploy applications without the rigors of the governance process. This includes Lotus Notes, MS Access and FileMaker. This is not to say that these applications can't be used in that mode, they just don't have the mindshare at the decision maker level. SharePoint appears to be headed to a similar fate. This leaves the department Excel guru and shared spreadsheets as the last opportunity for automating tasks below the compliance radar.

2 - It's interesting that you should mention spreadsheets as the last opportunity for automating tasks below the compliance radar. There is probably more sensitive data stored on uncontrolled, unsecured and unprotected spreadsheets than in most database applications. But somehow the same compliance requirements don't seem to apply.

3 - @1 My entire world right now is compliance at the company where I work. In fact we have found that RAD using Lotus Notes tends to be much more compliant than anything else we've seen. Lotus Notes offers security right out of the box, and is very secure. Whereas every single application we've had written in VS has only IIS as its line of defense (which 90% of the time is configured incorrectly).

Now you may say that we should have configured our VS projects to support forms authentication, and I say, that's no longer RAD....


4 - @1 and 2, no disagreement that Lotus Notes provides a superior RAD environment and can meet compliance requirements. My original post was a lament about how Notes is being displaced by Java and .NET because these are somehow considered better suited to governance requirements. The irony is that when you take away Notes, users will turn to less secure/unregulated automation tools like Excel and Google Apps to meet their needs.

5 - The comment about Java is funny in light of some of the Java blog discussion going on about the demise of Java.

{ Link }

As mentioned previously, there is always something new. And we all know how "latest" doesn't necessarily mean "greatest"! But that's another discussion entirely.
