If you're involved in insurance, pharmaceuticals or are a publicly-listed company you'll know all about compliance, with standards to follow set out by APRA or ASIC, or similar bodies.
For the rest of us, compliance is a much talked about topic; but most businesses in the SME sector fall short of meeting any standards. It's true that by and large we are not compelled to spend money on compliance systems. Nevertheless, doing so makes good business sense. After all, compliance ensures business continuity and security.
In Australia, each state does have data retention laws, but they have not been well publicised. In the US, they have the Sarbanes-Oxley Act, yet here the requirements are more of a well-kept secret than a known standard.
There are currently over 1,000 regulations in the US that relate to IT compliance, and Gartner has predicted that by 2012 this will have doubled. In comparison, Australia lags behind the US, while SMEs lag behind the whole compliance issue in general. But, it is safe to say that we will soon be hearing more about compliance with standards around:
- Data security;
- Protection and storage of private information; and
- Recovery requirements.
Business consulting firms and accounting practices are already performing IT audits for charities and not-for-profit organisations. This is a trend that will continue, with company directors wanting assurance that they are not going to wind up in jail for acts committed by their IT department.
The area that is most relevant to small business owners is software licensing compliance, as it is a simple matter to align licenses held with software installed. Many business owners and company directors risk serious fines and imprisonment over a lack of licensing compliance within their businesses.
Fewer of these owners and directors are aware of the risks they take with filed credit card numbers, or private client information, that – if leaked – could be grounds for serious legal action due to breach of the Privacy Act.
Complying with backup requirements and disaster recovery time frames is just good sense for many businesses, but is still misunderstood by Australia's SME sector. It is even misunderstood by the IT consultants who are setting up tape-based and disk-based redundant copies of data, without creating any recovery path for the case of corrupted or deliberately modified data.
Most of the standards around IT compliance are about creating better business systems and protecting businesses from serious data loss. They are not about creating layers of unnecessary cost.
What compliance issues have you come across in your industry?
Click here to read more IT Systems expert advice.
No comments:
Post a Comment