Compliance — The Next Big Thing in IT
Information and communication technology is fundamentally changing society. I do not mean changes such as shopping online or spending 18 hours a day involved in a role-playing game. I am describing government’s acknowledgement of the importance of regulating electronically stored and communicated data about individuals and public and private institutions.
This emerging government focus centers on the roles and responsibilities of protecting and preserving public and private information. Institutions large and small are being held legally accountable for meeting new information-related standards. “There isn’t a single aspect of our business that doesn’t touch on compliance and technology,” said Jay Cohen in an April 29, 2004, article in eWeek. Cohen, chief compliance officer at New York-based The MONY Group Inc., went on to say that he sees increasing pressure from regulators making more frequent requests for records; from auditors looking to ensure the privacy and security of customer data; and from new and evolving rules regarding e-mail, money laundering and the Sarbanes-Oxley Act.
Compliance issues are beginning to have a profound impact on the work and the focus of IT professionals from help-desk support personnel to chief information officers. The Sarbanes-Oxley Act (SOA), for example, is described as the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting since the securities laws of the early 1930s. Ensuring that an organization is in compliance with SOA electronic information guidelines is now challenging the resources of even large and well-staffed organizations. For the past several years, the Health Insurance Portability and Accountability Act (HIPAA) has had health-care providers from clinics to world-class medical facilities scrambling to comply.
IT professionals are now designing, documenting and working toward organizational compliance with various new mandates. Formal processes and procedures are essential to effectively meet these requirements. Workforce development is also of major importance to compliance. Well-planned and thoroughly executed implementation of training and certification equips the organization for effective compliance.
While there are now certificates directly related to compliance with specific federal acts, I am addressing this issue much more broadly. Training and certification commensurate with job title help ensure that the IT professional knows his job so well that compliance can become second nature. The trained and certified professional can develop compliance solutions that are optimum for each organization. These professionals should be able to spot anomalies quickly and take corrective action. In this way, the IT team can become an “early warning system,” helping maintain compliance and heading off problems before they mushroom into much larger dilemmas.
On the whole, a trained and certified IT team is more productive than a non-certified team. This reality means compliance activities can be acted upon efficiently, leaving additional time available for improving operational effectiveness, profitability and responsiveness to customers.
Across-the-board training and certification reassure company executives that the essential details of compliance are in the hands of professionals. These programs show that IT management has taken steps to ensure the organization has the talent for the job at hand and can prove it with certification. Training and certification prove to regulators, customers and the public that an organization has made a substantial effort toward compliance.
Numerous software and hardware providers and consultants are producing compliance-related products and services. Customers should demand that key members of a vendor’s team are certified. No matter how well designed a compliance solution is, it still must be integrated with the user’s unique IT system. Certified IT professionals should be able to integrate the two much more effectively than workers who have not gone through a rigorous training and certification regimen of best practices.
New laws specifying IT compliance are coming, and greater internal resources will be allocated to meet these mandates. It is eminently reasonable to predict that compliance will be the next big thing in IT.
Just as reasonably, it is fair to say that certification vendors, training organizations and educational institutions will do what they have always done through a myriad of next big things—prepare the IT workforce to solve problems, improve productivity and ensure quality through knowledge mastery and technical expertise. That is why training and certification exist and will always be needed.
John A. Venator is president and CEO of CompTIA, the Computing Technology Industry Association, the largest global trade association supporting the IT industry. CompTIA has more than 19,000 members in 89 countries.