

Managing the Complexities of Asian Network Infrastructure Compliance

By: Gregory Smyth

Compliance is a required attribute of networks and information technology infrastructure for some businesses, and a voluntary goal and best practice for others. No matter what your business's interest in compliance, it can be a difficult web to navigate, with even the concept and definitions of compliance causing confusion for those involved in its maintenance. The easiest place to start on the road to full Asian IT and network infrastructure compliance is with a definition of the term. The International Organization for Standardization uses the framework of 1. Confidentiality, 2. Integrity, and 3. Availability to assess IT compliance.

Confidentiality, as a compliance platform, refers to ensuring that only those authorized to access certain types of data do so. Integrity refers to the level of completeness and accuracy of each system and piece of data, and availability compliance means ensuring that data is available to the persons and systems at the times they need it. Within these platforms, an organization might be required (or choose) to comply at several different levels. The most intricate is specific compliance, with general compliance being another common one required by law, and voluntary compliance as the third level.

Compliance with certain standards is often more than a matter of information technology infrastructure or Asian network infrastructure, and extends to policies and procedures. In cases where specific compliance is required (such as the PCI DSS standard for any company involved in credit card transactions), enterprises are often required to have certain standards, documentation, auditing and testing. For companies that must adhere to general compliance regulations, standards are not as specific, and organizations usually know which laws apply to them. Some examples of general compliance laws are the Sarbanes-Oxley law for US publicly traded companies, Basel II for international banking organizations, and FISMA (the Federal Information Security Management Act of 2002) for the US government and its contractors.

Despite the fact that compliance is often more than a simple technical issue, information technology consultants and Asian network operations agencies are the companies best placed to assist customers with working towards it. Dimension Data is one of Asia's most experienced groups for this purpose, and Asiapac can also assist to some degree. Companies looking to start on the path to compliance should:

1. Establish a general security policy, and make it integral to your compliance activities.

2. Ensure that separation of duties is documented adequately. This means creating job descriptions for all in the organization, and adhering to them.

3. Document and maintain device configuration standards, and communicate them to any information technology consultant who works on your network.

4. Document and follow change management processes, to ensure that information technology infrastructure and network infrastructure upgrades maintain compliance.

5. Develop your own auditing process for compliance - this is infinitely preferable to discovering weaknesses in an external audit.

6. Avoid reinventing the wheel - ISO 27002 and the IT Infrastructure Library have some great frameworks that can be adapted.

Article Source: http://blogticles.com

Information about the Author: Datacraft Asia is the leading independent IT Security Consulting Firm in Asia. Datacraft combines an expertise in networking, security, Microsoft solutions, storage and contact centre technologies, with advanced skills in consulting, integration and managed services, to craft IT solutions for businesses. Visit our site to learn more about network operations in Asia.
