IT professionals and business groups are calling on the
government to co-ordinate a rising tide of compliance regulations
as IT departments grapple with their implications for companies'
infrastructure.

Businesses are carrying out formal reviews to understand the impact
of regulations such as Sarbanes-Oxley and Basel 2 on their IT
systems, only to be faced with further regulations that require
further reviews, said Ray Stanton, head of group security at
BT.

"We need to see a drive from industry to force government to take
leadership in an international context. If we are going to have
regulations that affect businesses internationally, why not have
co-ordinated programmes [that minimise the work]," he said.

There are cases where companies perform audits to assess the impact
of one regulation, only to find another regulation comes along that
requires another audit, said Jeremy Beale, head of e-business at
the Confederation of British Industry. "We are looking at the
possibility of getting some sort of coherence to information
security audits. This is a discussion we are having with various
groups," he said.

Paul Simmonds, global information security director at ICI, said
his firm was having to deal with more than 20 pieces of
legislation, from the Health Insurance Portability and
Accountability Act in the US to the European Data Protection
Directive and Canada's Privacy Act.