IT Compliance Programme Establishment
Analytix IT Compliance consulting service assist organisations with establishing, or to improving their IT Compliance programmes. We provide the technical expertise and project management capabilities needed to design and implement an IT Compliance programme that will enable management to evaluate that IT processes and IT-supported business processes are compliant with laws, regulations, corporate policies and contractual requirements.
Alignment with COBIT and ISO 19600
Our consultants will assist you to align your IT Compliance programme with the compliance best practice of COBIT and ISO 19600, the international standard for compliance management.
IT Compliance Programme
The scope and structure of an IT Compliance programme can vary, and our effort expended will be tailored to the needs of your organisation, while we will ensure that the essential elements will be undertaken to establish and effective IT Compliance programme that are capable of:
- Identifying external compliance requirements
- Optimising response to external requirements
- Confirming external compliance.
- Obtaining assurance of external compliance
Our approach to IT Compliance projects is based on the principles of the COBIT 5 IT Governance framework and related frameworks e.g. ISO 19600, and covers the full lifecycle of IT Compliance implementation that makes provision for the following:
- Providing a conceptual framework, structures, processes, resources and information that defines the essential IT Compliance activities and responsibilities
- Defining and documenting the IT Compliance Management process that has to be adopted and followed
- Obtain IT-wide consistency regarding the structure and application of the IT Compliance Management process
- Establish mechanisms to report and provide assurance to the IT management about compliance with corporate and IT policies
- Embed a common understanding of IT Compliance across the IT organization in alignment with IT Governance Risk and Compliance (GRC) systems
- Establish accountability and responsibility for IT compliance function
ISO 19600:2014 - Compliance management systems – Guidelines
ISO 19600:2014 provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an effective and responsive compliance management system within an organization. The ISO Standard 19600 is aimed at organisations that want to implement a management system that permits them to demonstrate their commitment with the legal requirements to be applied and with other requirements with which they have voluntarily decided to adopt.
The guidelines on compliance management systems are applicable to all types of organizations. The extent of the application of these guidelines depends on the size, structure, nature and complexity of the organization. ISO 19600:2014 is based on the principles of good governance, proportionality, transparency and sustainability.
The IT Compliance project deliverables:
- IT Compliance policy
- IT Compliance framework
- IT compliance process and methodology
- Create a clear understanding and acceptance of role of the IT Compliance function and other stakeholders and to have this formalized in an IT policy framework.
- Build IT compliance universe and format and specifications
- Develop tools and methodologies for assessing IT compliance, improving compliance and monitoring and reporting on compliance
- Develop IT Compliance roles and responsibilities
- Develop one and three year IT compliance plans
The following are benefits for implementing IT compliance:
- Improved IT Compliance assurance
- Reduction of audit findings
- Continuous improvement IT Compliance levels
- Adoption of good practices for dealing with compliance
- Improved staff awareness of the need to comply with governing documents
- Availability of reliable IT Compliance information to improve top management's ability to manage compliance
- Improved risk management (mitigated risks)
- Increased maturity level of IT processes
- Identification of all applicable corporate policies, IT policies, and identify the level of IT compliance
- Enable IT’s compliance laws and regulations, corporate policies and IT policies
- Minimize the business impact of identified compliance issues within IT.