Sunday 15 May 2011

Compliance in Industries: Introduction


Information is the most valuable asset of any organization. It belongs to the organization itself, and sometimes it is public and/or government information. Across the world, governments and standards bodies have issued a growing number of regulations designed to ensure the triad of information security, viz. the confidentiality, integrity and availability of personal and corporate data. These mandates apply to a range of industries, from financial institutions to healthcare providers to utilities firms to retailers and beyond. Regulatory compliance is mandatory for organizations as well as individuals. Non-compliance with any applicable regulation can lead to legal action against the organization and/or individuals.

The specific details of these regulations are as varied as the industries they serve. However, most contain sections that require companies to secure each user’s credentials and manage all access to IT-based systems. Taken together, these individual regulatory guidelines point toward a growing consensus of what constitutes best practices in identity management and IT security.

As an organization grows, compliance becomes a mandatory demand, but the problem many organizations face is identifying the applicable regulations and standards and implementing them effectively. Auditing that implementation is another concern.

My intention for this post is to explore these compliance-driven best practices, how unified solutions support them, and how prioritizing their implementation makes good business sense beyond the fulfillment of compliance requirements.

This post is a piece of my in-progress white paper on compliance, which I am sharing with you all. It is incomplete without the involvement of people, and I request you all to share your views and expert solutions to this high-priority concern of information security.

Looking forward to receiving your precious comments!

2 comments:

Ruchir said...

Great!!
The article explains well how important the TRIAD is and Info Security is for any organisation from a layman's perspective.

Looking forward to more on the compliance part and your white paper.

Harinder said...

It’s good for beginners, but could be better if you could describe more in depth about industry standards for compliance.