Copyright Pinnacle Technology, LLC 2007-2008
Robert Drobish
Pinnacle Technology
Today's IT Compliance Landscape
IT compliance has added requirements on IT departments!
What can you do???
The real question should be: 'Why should you want to be compliant with so many different standards/regulations?'
The answer:
1) Better operation of your IT department, which will hopefully translate into better business operations.
2) Being a good corporate citizen for your company, employees and stakeholders.
What does compliance mean to me!!
Compliance, from a 20,000 ft level, is:
1. Develop ADEQUATE policies and procedures respective of the particular compliance area.
2. Follow these policies and procedures.
Compliance Areas and me..
IT compliance high level overview…
Payment Card Industry (PCI) - Is your credit card data controlled? Is credit card information managed, encrypted, secured? Do you get annual penetration tests?
Health Insurance Portability and Accountability Act (HIPAA) - Is the personal health care data managed, secured, and monitored?
Sarbanes Oxley (SOX) - Is your financial data managed, secured, and monitored?
SAS70 - Is your financial and/or IT data managed, secured, and monitored?
Nevada Gaming Control Board Standards - IT (NGCB) - Is your gaming user and financial data managed, secured, and monitored?
ISO Standards (9001, 17025) - Is your process and test data managed, secured, and monitored?
What does Adequate mean to me and who determines what 'Adequate' is?
Adequate policies and procedures are:
1. Respective of the particular compliance area (SOX, PCI, HIPAA, NGCB MICS, etc.).
2. Following a published standard (COBIT, COSO, ITIL, ISO, etc.).
3. Respective of your particular business requirements.
What does 'Respective of your particular business requirements' mean?
It's your business, and how you operate it within the applicable compliance requirements or guidelines is up to you!!
Being compliant doesn't mean 'Change your business'; it means 'Prove to outside entities that you are following a set of adequate standards'.
Compliance and my IT
IT compliance, on many fronts and standards, means 'Can you prove you (your company)..
1) Are protecting the data (user access privileges, backups, layers of security, etc.)?
2) Understand at a management and employee level what is expected, watch your operations, and react if needed?
3) Know the data being used is followed, managed and valid?
4) Employ diversity, both in backups and transmission paths, and that they are truly redundant, validated and not co-dependent?
Standards, standards, standards..
The different compliance standards and requirements are different ways you can show to your employees, management, stockholders, and the international community that you are watching your 'house' through accepted standards and are a Good Corporate Citizen.
Extra Benefits
Meeting one, or more, compliance standards has extra benefits, other than the auditors that visit regularly and bring gifts…
1) Your IT department often runs more efficiently and effectively, allowing you to do more with the same resources and usually reducing problems, drastically in some cases.
2) IT gains transparency to the company, as well as additional leverage to get expenditures approved.
Final Thoughts
COMPLIANCE IS GREAT
(WELL, MAYBE JUST REALLY GOOD)
Thank You.