Managment Information Systems

profileVeena
BA60272H619ManagementInformationSystemsGroupB3.pptx

CHALLENGES IT DIVISIONS FACE IN ACHIEVING REGULATORY COMPLIANCE

IT Regulatory Compliance in a generic sense means adherence to certain guidelines, specifications, and laws implemented in terms of the Industry of that business.

If a company has started implementing them recently, they might present a challenge because there must be continuous monitoring of the changes in the process and every change needs to be within the standards.

Employees dislike over the compliance trainings which have potential causes blankness and negligence of the concepts leading to ineffective firm’s internal control (Baxter & Wood, 2016).

Personal Devices like Phones, tablets in the workspace along with the ever changing software patches and updates can be one of the biggest challenges.

Industry-Specific regulations like HIPAA (Medical), NERC (Electric Utilities), and FISMA (Federal Agencies) so on.. can increase the complexity of the specifications.

REGULATORY COMPLIANCE

In today’s intricate regulatory environment, to tackle the costs and complexities of governance requirements, organizations must comply a wide range of regulations such as HIPAA, Sarbanes-Oxley Act (SOX), PCI DSS, Gramm Leach-Bliley (GLBA) and many more.

Our group will focus on PCI DSS, HIPAA and Sarbanes-Oxley (SOX).

The primary goal of PCI DSS is to enhance the security of cardholder information and required when the data is processed or stored (Beissel, 2014).

HIPAA is a health aid regulatory act where it helps in protecting the patients’ privacy, health information and coverages (Bowers, 2017). Patients’ information in electronic form that is linked with a transaction is monitored and secured by HIPAA (LIMMROTH, 2020).

SOX act mandated strict reforms to existing securities regulations and imposed tough new penalties on lawbreakers for the financial frauds and restore integrity and public trust towards the financial markets (LOBO & ZHOU, 2010).

ORGANIZATIONAL VISION FOR IT COMPLIANCE

A couple of the Team members are certified in HIPAA that gives them an understanding of how company guidelines are a must follow and failure in result can lead to Huge penalties.

There is also a misunderstanding that the security of the data is only the IT department's work, but it is always good to remember that the company is only as strong as the weakest link, So having a secure culture from a basic janitor to a CEO is beneficial.

That, in turn, leads to High trust, Improves control and leads to a safer workspace along with various diversity of employees.

REFERENCES

Baxter, R. J., & Wood, D. A. (2016). Applying Basic Gamification Techniques to IT Compliance Training: Evidence from the Lab and Field. Journal of Information Systems., 119-133.

LIMMROTH, S. (2020). Policies and Procedures: The Foundation for a Comprehensive HIPAA Program. Journal of Health Care Compliance, 41-46.

Bowers, D. (2017). The Health Insurance Portability and Accountability Act: Is It Really All That Bad? Baylor University Medical Center Proceedings, 347–348.

Beissel, S. (2014). Supporting PCI DSS 3.0 Compliance With COBIT 5. COBIT Focus, 14-20.

LOBO, G. J., & ZHOU, J. (2010). Changes in Discretionary Financial Reporting Behavior Following the Sarbanes-Oxley Act. Journal of Accounting, Auditing & Finance, 1-26.