Express Computer
Home  »  News  »  Compliance is no more a prime driver of IT risk and security: Gartner

Compliance is no more a prime driver of IT risk and security: Gartner

0 55

The need to ensure compliance with regulations should no longer be the primary consideration of CIOs when planning IT risk and security measures, according to Gartner Inc. Gartner said compliance is an outcome of a well-run risk management program and should not dominate CIOs’ decision making.

“By simply trying to keep up with individual compliance requirements, organizations become rule followers, rather than risk leaders. CIOs must stop being rule followers who allow compliance to dominate business decision making and become risk leaders who proactively address the most severe threats to their organizations,” said John A. Wheeler, Research director, Gartner.

Risk leaders evaluate anticipated compliance risks by tracking key regulatory and business changes. They then create a plan to address compliance requirements in a strategic and proactive manner that improves resilience and influences their business’s success.

Wheeler added that, too often, organizations still treat compliance activities as a checkbox exercise with little regard for the related risks they are intended to address. “Organizations must change this reactive, check-the-box mindset and start viewing compliance as a risk,” he said.

In this way, organizations are relying more on their own risk assessments to guide their implementation of controls rather than the “classic” compliance approach of implementing mandated controls regardless of the anticipated risk severity or impact.

“If CIOs are managing their risks effectively, their compliance requirements will be met, and not the other way round,” added Wheeler.

Given today’s proliferation of regulatory mandates, it is challenging for organizations to develop a more forward-looking, adaptive approach. CIOs are often distracted by their efforts to keep up with specific regulations. This needs to stop.

“They must create a formal and defensible program of controls based on the specific situation and risks unique to their business. The rules and laws should then be mapped into the controls that have been proactively selected, and a defensible case should be made that the laws are being appropriately addressed,” explained Wheeler.  

When treated in this manner, compliance becomes simply another category of risk that is addressed as an exercise in control mapping and defensibility. CIOs should work with their security and risk management teams to build a formal program that can adapt to the changing landscape of regulatory requirements and that protects the organization from anticipated risks.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image