Developing IT Compliance Program

The IT compliance program cannot be conceived in isolation and devoid of the key links to non-IT and financial compliance. Effective IT compliance requires an aggregate vision and architecture to achieve compliance that goes beyond becoming infatuated with a given control framework.

As a group, provide a detailed plan of action based on life cycle concepts to develop and deploy an ongoing IT compliance process. Your plan should provide practical knowledge on what you should consider when developing and implementing an IT compliance program for key regulations such as Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, PCI and others to achieve meaningful IT governance. Your plan should include the following:

• Discuss the challenges IT divisions face in achieving regulatory compliance
• Assess how IT governance will improve the effectiveness of the IT Division to attain regulatory compliance
• Develop a broad vision, an architecture, and a detailed plan of action that follows a life cycle concept
• Assess all key business processes and IT compliance factors and link to all business processes (financial and non-IT) to develop an aggregate vision of IT compliance
• Your detailed plan should include the following phases: initiate, plan, develop and implement.