You have 20 seconds to comply…

I think you’d better do what he says, Mr. Kinney

In the 1987 film Robocop, the enthusiastic compliance of Mr Kinney is ignored by the malfunctioning law-enforcement robot, ED-209, with fatal consequences. Many of the legal imperatives and regulations facing the IT world today are accompanied by an unmovable deadline and threats of punitive measures – the beleaguered IT team could be forgiven for feeling like another short-lived extra in a dystopian sci-fi movie. While the timeframe given typically exceeds 20 seconds, the deadlines are usually aggressive and non-negotiable, making the associated IT change project a high priority “must have” and the budget a “must spend”. Worse still, as evidence of economic and management frailty continues to beset many industries, regulatory bodies have “no shortage of excuses to launch … [a] clampdown” with further compliance measures.

Comply with this

Compliance feels like a faintly vague term. What are we complying with, and who told us to do so? Here’s how one industry commentator defined compliance: The process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or external laws, regulations, standards and agreements. Consider now the following selection of regulatory or legislative changes that have emerged in the last decade or so:

[Image: compliance table]

Of course, this isn’t a one-off task. Many of these regulations require compliance not only in the first instance, but also as part of an on-going audit and reporting process. So the “compliance work” is an annual event to build into the IT schedule. Add to this little list the efforts undertaken on in-house regulations, including coding guidelines, standards adherence and code complexity criteria, and it is no wonder that these efforts are forcing an unprecedented demand in IT simply to ‘keep the lights on’.

Getting Ahead of the Game

An untold variety of technical complexity awaits the intrepid IT team seeking to conform and comply with the latest round of regulations. However, such measures have a couple of key things in common:

• Core application code will need to change
• How data is stored will (usually) have to change

Irrespective of the new regulation or measure, extra elements that comprise the new activities need to be wired into the applications that currently provide that business function. It therefore holds that a fundamental approach – a lifecycle for change – is needed for IT teams to follow in order to plan and execute an effective compliance project:

1. Find it: Uncovering the breadth and depth of the required IT change
2. Fix it: Executing the change program as efficiently as possible
3. Test it: Establishing a full change validation process, incorporating data privacy needs

This lifecycle closely resembles the Software Development Lifecycle (SDLC), unsurprisingly perhaps, because at the heart of both is a major change required to a core application.

Find Your Best Practice

Having supported organizations in finding, fixing and validating their large-scale change programs since the days of Y2K and the Euro conversion, Micro Focus has provided an efficient, scientific and rapid solution for a variety of compliance activities. Whether the concern is determining the scope of the required changes, executing the application change effort itself, or establishing a secure and streamlined validation process, Micro Focus enables organizations to meet aggressive deadlines with greater confidence, enabled through smart technology.

Look out for the Micro Focus Compliance program.

[1] Harry Wilson, Daily Telegraph, 8th October 2012, “Bleak Future for the Banks of Tomorrow”

[1] http://blogs.gartner.com/paul-proctor/2013/05/13/why-i-hate-the-term-grc/
