Organizations are making progress in achieving regulatory compliance, but nearly 75 percent are either still treating each compliance regulation as an individual project or using manual methods to manage compliance, according to a survey on compliance progress and issues released today by Avior Computing Inc.
The bi-annual survey of IT compliance and risk executives by Avior found that while some progress is being made on automating compliance processes, silos of compliance still exist in a majority of organizations, and these silos lead to inefficient compliance processes.
Overall, the survey found that organizations are making progress in achieving compliance, but a surprisingly large number of organizations are either still treating each compliance regulation as an individual project, or using manual methods and tools to test for and manage compliance, or both. Key survey response findings include:
Organizations are still largely treating each compliance regulation as a separate project or silo. 43 percent of respondents are operating this way, while 28 percent indicate that they are working towards a unified compliance process, and another 28 percent have achieved a unified process.
Assessments are an area where some optimization needs to occur: 70 percent of responding organizations use separate assessments, one per regulation, while 30 percent are using a unified assessment spanning multiple regulations.
Spreadsheets and databases remained the most popular tools used to manage and track compliance, while compliance automation tools were used by 42.5 percent.
The full survey report is available upon request by sending an e-mail to info@aviorcomputing.com.
"It is not surprising that organizations continue to struggle with mapping of multiple regulations to common controls and to assessment questions," said Steve Katz, President of Security Risk Solutions, and former CISO of Citigroup, Merrill Lynch, and JP Morgan. "Managing the compliance process with manual approaches will continue to be challenging for organizations with multiple regulations and standards."
Avior plans a follow-up survey in the fall of 2008 to explore some of these compliance process issues in more detail.
"This survey confirms what our customers tell us. IT organizations are besieged with compliance audits and reporting status requests. The stakeholders in the organization are experiencing survey fatigue from completing multiple overlapping assessments," said Steve McCalmont, Avior Computing CEO. "Our clients tell us that implementing leveraged approaches to compliance mapping and assessments allows them to be far more effective in their compliance processes, and to get more done with less manual labor."