Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Compliance Remains Elusive Target

NEW YORK -- Interop -- To stay "compliant," companies are forced to navigate a jungle of costly, complex, and often contradictory regulations, according to a roundtable discussion on the state of compliance here today.

In a panel aimed at bringing together user, auditor, consultant, and analyst perspectives, participants agreed there needs to be a better way to streamline compliance, given the thousands of regulations that have popped up in recent years.

Steven Attias, chief information security officer of New York Life Insurance, describes compliance as "running on a treadmill that's constantly getting faster and increasing in elevation at the same time."

Attias says a myriad of regulations forces him to follow many pats to stay compliant, paths that are often inconsistent with business processes. "Having to buy and manage point products adds to the burden," he says. "Most regulations say basically 'Do the right thing.' Some are too vague, and some are too proscriptive. They're written by somebody who doesn't understand this space."

An auditor on the panel agreed it would be great if compliance were one overall process instead of different processes for each regulation. "It's a moving target," says Adam Losner, VP of finance for the Institute of Internal Auditors. And he says every time the compliance target moves, it costs a company money to hire auditors and consultants and institute document management processes.

  • 1