Group Assignment 1: Developing IT Compliance Program
The IT compliance program cannot be conceived in isolation and devoid of the key links to non-IT and financial compliance. Effective IT compliance requires an aggregate vision and architecture to achieve compliance that goes beyond becoming infatuated with a given control framework.
As a group, provide a detailed plan of action based on life cycle concepts to develop and deploy an ongoing IT compliance process. Your plan should provide practical knowledge on what you should consider when developing and implementing an IT compliance program for key regulations such as Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, PCI and others to achieve meaningful IT governance.
Your plan should include the following:
Discuss the challenges IT divisions face in achieving regulatory compliance
Assess how IT governance will improve the effectiveness of the IT Division to attain regulatory compliance
Develop a broad vision, an architecture, and a detailed plan of action that follows a life cycle concept
Assess all key business processes and IT compliance factors and link to all business processes (financial and non-IT) to develop an aggregate vision of IT compliance
Your detailed plan should include the following phases: initiate, plan, develop and implement.