Compliance Management promotes compliance with standards and regulations for which there is a recognized business need.
For the IT organization, there must be an understanding of the risks involved
in noncompliance. There should also be a gap analysis to determine the distance between the current situation and compliance. The gap may be
significant, and closing it would involve a significant change in the IT culture.
Typically, a program will be initiated to bring an IT organization into compliance with a standard or regulation.
To measure the progress of an IT organization in complying with a standard or regulation, a
maturity model is often used.
A formal measurement of the degree of compliance is typically performed by an audit.