Friday, February 10, 2006

Detroit Rock City

I am often asked, "Can't I just buy software to do all this?" The short answer is the best one here: no. In this article from the UK in IT Analysis, Clive Longbottom slices and dices the problem with trusting your vendors to make you compliant.

Think of all the computerised solutions that we have had since the advent of the mainframe in the 1960s - barely 40 years ago. Could we now easily recover data from an original Winchester disk? Could we easily provide information to the 'powers that be' if it were stored in Navy DIF or AmiPro version 1.2? This becomes a thorny point when 'they' insist on the original document - even file viewers cannot guarantee fidelity of view...

Overall, the KISS (Keep It Simple, Stupid) approach to governance and compliance is the best - start with a high-level framework and look for the technical solutions that will facilitate the framework. Then look at what a company's needs are for specific areas of governance and layer solutions over the framework. This should give a higher level of flexibility for the future and prevent that horrible feeling when you think you have everything covered and find that the one piece of information Chief Inspector Knacker of the Fraud Squad is demanding is not covered by your swanky, multi-million euro compliance solution.

It is your data, and your behind that will be in a sling if you are not in compliance. As Clive points out, the best solution is to make sure, from top to bottom, that your data is secure and available.

