Compliance and System Security

SOX compliance on the level of management of IT and enterprise architecture is an elusive goal.

This is strange because its technical requirements are so simple and generally well within the scope of normal operations. However, simple and subtle errors can have a profound impact on how easily it can be achieved.

Those responsible for the enterprise architecture must have strong leadership with a clear awareness of its responsibilities, both legal (to all applicable laws and systems under which the business functions) and ethical (to the community at large and all stakeholders in the business), and with a willingness to act on those responsibilities.

Those tasked with compliance issues should have those clearly stated within their performance objectives and be fairly assessed on them. A simple error such as having a technical architect have all her objectives set by the project manager to whom she reports and by whom she is exclusively assessed can be disastrous - SOX compliance is often at odds with timely delivery and the easiest way of doing things (as are building regulations, or labour laws for that matter).

SOX compliance should be a natural outcome of good administration under competent and respected management with adequate resources.

It's not hard, but it is elusive. It is a process and an ethic. Contact us if you need help with it, or even if you just need help getting PCI-DSS compliant for your website.
