Help for the Compliance Crazed

IT folks charged with making sure their organizations comply with new regulations about corporate data often feel in need of an institution. For now, they'll have to settle for an institute.

IT Compliance Institute (ITCi), an online information service, was launched this week to provide education, research, conferences, analysis, and other resources to help IT personnel deal with the plethora of federal and global regulations popping up all over -- for a fee, that is.

The ITCis director of education and research, Adrian Bowles, says he got the idea after fielding frequent questions from IT people looking to get hip to HIPAA (the Health Insurance Portability and Accountability Act) or a lock on "Sox" (the Sarbanes-Oxley Act).

“There are a lot of questions I’ve been receiving over the last couple of years as an industry analyst,” says Bowles, a research fellow at the Robert Frances Group, an IT consultancy. “People wanted to know what were the new regulations, which regulations impact them, what are the best practices. It all came down to ‘How do I prepare a defensible compliance strategy?' "

The IT Compliance Institute will be based on the same model as the The Data Warehousing Institute -- both are run by publisher 101communications. The institute will include a paid membership that offers subscribers access to a searchable database of state, federal, and global regulations that impact IT. While the site is operating, the full database is scheduled to go online next month. Members will also have access to online forums, research and best practices, electronic alerts to information on new and emerging regulations, and discounts for IT Compliance conferences.Compliance is a hot topic now, as organizations struggle to deal with a truckload of new regulations in areas of corporate governance, security, and privacy (see In 2004, It's Comply or Die). Unlike the Y2K craze of three years ago, though, these issues are permanent. Data retention and retrieval will continue to play a large role in compliance because regulations mandate that electronic records be kept for minimum periods of time -- often decades -- and be available for audits sometimes within days.

Bowles thinks it's a solid business to be in. “The reality is, with the United States government passing more than 4,000 regulations a year, we think there’s a future in this,” he says. “We don’t think this business is ever going away.”

Bowles estimates Sarbanes-Oxley compliance can cost individual companies hundreds of thousands and even millions of dollars in operating and capital expenses, which will be recurring annually for the foreseeable future.

His answer? By shelling out a bit more, you can get some help that could save at least some time and trouble: “The institute gives IT professionals a place to turn as they face the challenges of corporate compliance. CFOs aren’t going to be in compliance unless IT takes the right steps.”

— Dave Raffo, Senior Editor, Byte and Switch