Compliance guide for managers: Lessons learned and best decisions


Compliance guide for managers: Lessons learned and best decisions

Managers share their lessons learned and best decisions for building compliancy frameworks.

Kirk Herath, CPO, Nationwide Insurance Company

Lessons Learned: "You have to be a diplomat... be flexible... and deal with different people in different ways. Some of them will get it with just an explanation of why they need to do something to comply with GLBA; others you will have to cajole, and others you will have to pound on the table."

Best Decisions: "Choose one central person to manage the compliance effort. My group and I created virtual privacy teams and built them around our major business units. I asked all of the leaders underneath those headings to provide me with people to help implement GLBA."

Stephen Morenzoni, senior network engineer, Lake Forest Hospital

Lessons Learned: "As information went from being paper-based to electronic, it took time to realize that IT would have to store, for instance, the pension report because human resources needed to keep it forever. Comprehensive information management was something we had to embrace."

Best Decisions: "Y2K taught us very well and early on that HIPAA compliance has to be an organization-wide effort, not just an IT effort."

Michelle Dennedy, CPO, Sun Microsystems

Lessons Learned: "Know exactly what data is affected. SB 1386 was interesting because affected data was well defined. Having a database with unstructured data where you have not delineated sensitive categories

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

or mapped data to business units was a wake-up call for SB 1386 compliance."

Best Decisions: "The best decision we made was to communicate with the people who may be impacted [by SB 1386] and offer training for every director who conveyed information about SB 1386 to a team at Sun."

Tim Dotson, executive director of information technology solutions, SureWest

Lessons Learned: "Develop and maintain direct open communication with your auditor. I can't say we started that way. We made assumptions, and they did, too. It didn't work. So now each time we take a major step, we talk. It's not uncommon for us to talk weekly, or at least monthly."

Best Decisions: "Define the right number of key controls. These are the rules you place on yourself to ensure your financial statements are going to be stated accurately. When SOX first came along, we had 132 key controls. We've been able to refine down to those that are absolutely critical: 32.

This was first published in March 2006

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.