The onslaught of newer and highly complicated regulatory mandates has made compliance an issue of great importance. This surge of regulations such as SOX, HIPPA, Basel II, and our very own Clause 49 here in India has meant that more and more companies from across verticals have to pay greater attention and spend a larger chunk of their IT budget towards addressing the all important compliance area.

And it’s not like they have a choice. This is something that can’t be "worked around" and avoided. You got to do it, whether you like it or not.

According to US based research firm, AMR research, Governance, risk management, and compliance programmes will continue to be a high priority area for business and IT executives this year. The firm has predicted that spending on compliance will reach an estimated US $30 billion in 2007 as companies will look to tackle day-to-day demands while setting the stage for strategic approaches to structured operational and enterprise-wide risk management.

Compliance is driven by growth
According to Symantec, one of the basic drivers of compliance is growth. As companies grow larger, the perception of risk increases. This rapid growth fuels the increasing need for companies to look at compliance. Compliance is not just about following best practices, it is beginning to morph into a better way to govern IT.

"Indian companies just as their foreign counterparts are realizing the gravity of the compliance and risk management in the enterprise context," said Arshad Matin, VP, Compliance & Security Management, Symantec.

Now, although compliance is a hot topic of discussion among the ‘C’ level, achieving it is an issue in itself. Companies these days are constantly trying to reduce the cost and complexity associated with compliance initiatives. Symantec, advised enterprises to take an enterprise-wide approach to compliance, rather than a departmental approach or a mere IT centric approach.

Outline effective frameworks
Matin recommended that enterprises need to outline effective frameworks in order to deal with multiple regulations. This will enable to develop a sustainable compliance posture. Adoption of such a framework will simplify communication, validate the controls with auditors and regulators, and reduce the effort required (and, therefore, the cost to the organization).

Matin also parted with some best practices involved with compliance. Enterprises have been recommended to conduct internal regulatory and IT security audits on a monthly basis. Matin also feels that at least 25% of IT staff time must be spent on regulatory compliance.

Spend 10% of the IT budget on security
Apart from this, enterprises have been recommended to allocate more than 10% of the IT budget to IT security. Finally, it is very important to establish clear objectives and measure results at regular intervals.

"Establishing and sustaining compliance is a journey, not a destination. Today's enterprises need to evolve their compliance efforts from ad hoc projects to cost-effective and efficient processes that can be applied across various compliance initiatives involving the security and availability of information," mentioned Matin

"Indian companies are very serious about compliance. We’ve seen a significant rise of interest in compliance over the past few years, and we expect this need to achieve compliance will keep growing. People must think about it as a way to be better."