I’ve previously blogged about Triumfant, a company that has mastered
the automated detection and resolution of IT problems. I also think
of them as the world’s greatest compliance monitoring capability. What
do I mean by compliance? I mean compliance in the context of the many
rules, regulations and configurations that external organizations and
the government require, and also compliance with your own policies and guidance.
For those who are not familiar with the full scope of compliance
issues, a great source is the site of the IT Compliance Institute.
Their goal is to be a global authority on the role of technology in
business governance and regulatory compliance. That means they are
driven to seek out regulations, understand the requirements for
compliance, and then help determine the best way to automate that
compliance.
The site holds several white papers and
checklists on topics like IT Audit, Risk Management, keeping up SOX
compliance, Change Management, Logging, Reporting, and Security.
These papers seem to be good primers for any CTO or other enterprise
technologist who needs to understand this domain.
Here are some other thoughts on compliance:
- During my time as a CTO of a DoD Agency, I noticed a shift in how
federal organizations perceived compliance. Federal organizations are
all about compliance, and have long followed mandates like the
Clinger-Cohen Act, FISMA, the many Enterprise Architecture requirements
(like DoDAF or FEA), and a wide variety of other requirements. But
most federal organizations did not treat compliance as a way to
optimize delivery of IT capabilities to users. And most federal
organizations did not have to comply with many of the regulations being
levied on industry (like SOX, for example). That is all changing.
- More recently IT professionals began to see compliance and the need
for automated control of systems as a way of not just complying with
regulation and reporting requirements, but a way of ensuring uptime,
helping speed delivery of new software deployments, helping reduce IT
admin costs, and helping with overall abiity to support the mission.
Add to this new awareness of the importance of compliance the recent
shifting of federal policy towards having agencies produce financial
audits and IT auditing requirements to the same standards as the
commerical sector.
There are more shifts in compliance underway in the federal space,
including a new Federal Desktop Core Configuration (FDCC). I see all
this compliance as a good thing that should be executed in a way that
enhances uptime, enhances security, and enhances the delivery of
capability to end users.
For more on compliance see my previous post http://www.ctovision.com/2008/07/automated-resolution-of-it-problems.html
For more on triumfant see: http://triumfant.com
Like this:
Be the first to like this post.
Posted by Bob Gourley 
