Your shout: Compliance, security policies, value of IT investments

Computer Weekly reader's give their views on the week's news

Have your say at

Compliance is not just a matter for the big boys

Chris James, Overland Storage

Phil Manchester’s article “Cashing in on the value of compliance” (Computer Weekly, 23 May) presents a good series of points surrounding the business benefits that can be gained through becoming compliant. However, I feel that its focus on the “big boys” is somewhat misleading.

Sarbanes Oxley and the pending MiFID regulations affect the mid-market as much as the blue chips. For example, the scope of MiFID is far greater than the Investment Services Directive (ISD) that it replaces, and many mid-market companies may be unwittingly ensnared in its net.

For that reason the questions the boards of mid-market firms need to answer are, “will the regulations affect me?” and if so, “can we afford to comply?” or perhaps more importantly “can we afford not to comply?” Even if they do fall within the scope of a new regulatory regime, the opportunity to “cash in on the value of compliance” is as real for the mid-market as it is for the larger enterprise.

The twofold advantages of early compliance

Steve Tomlinson, ZEDA

There is no doubt that costly and extensive IT requirements are unavoidable when it comes to complying with ever more complex financial regulations like MiFID (Computer Weekly, 23 May). But while the actual deadline and costs involved are still moving targets, there is one thing that is certain: the longer banks leave it to get an action plan in place, the more costly it will be.

The advantages of complying early are twofold. Firstly, it will enable businesses to acquire the niche skills and resources they need at a lower cost, before high demand pushes up salary expectations and the poaching of skills becomes prevalent. Secondly, by getting projects underway early, businesses will have more time to test new systems and prevent costly failures further down the line.

However, it is not enough to simply plan and acquire resources. It is equally important that plans, skills and knowledge are cascaded down the company. This way, if a bank does fall victim to skills poaching or a similar loss of resources, then all is not lost in the race to comply with MiFID and the 40 or so further regulations expected to be in place by 2010.

IT departments bear brunt of board’s illusions

Gary Clark, SafeNet

Given that security breaches cost the UK £10bn per year, it is disappointing to see that winning financial support for security projects is such a long and drawn out process (Computer Weekly,  23 May).

An organisation’s information is its lifeblood and the key to business success. The introduction of the internet and online facilities means that while the business opportunity has grown, so has the threat. If standards and security policies that focus on staff education and the smart use of technology are not put in place, sensitive company information will always be just one step away from falling into the wrong hands.

Such enforcement needs to come from the board. However, as long as these executives are still under the illusion that security is not a vital part of their organisational infrastructure, the company’s health and reputation is at risk. And IT departments, although often bearing the brunt of security failings, will continue to be powerless to stop it.

Resist the pressure to implement fashion-led IT

Richard Barker, Sovereign Business Integration

As John Riley states in his article (Computer Weekly, 23 May 2006), there is a failure at board level to quantify in any meaningful terms the value of IT investments, often leading to unnecessary expenditure. 

Many IT directors now find themselves under increasing pressure to initiate a blanket adoption of the latest and greatest, without considering who would really benefit from the device, and who would merely be acquiring an expensive – subsidised – plaything.

Turning down a request from the board for wholesale deployment of PDAs may be a tough political call for any IT director, but failing to make clear the real cost of such technology is a dereliction of duty.

In an environment where electronic devices are getting ever cheaper, the real cost of ownership is significant, requiring additional support staff, increased network security – even an overhaul of the network infrastructure to deliver business continuity and high availability. Just where is the business benefit?

Fashion-led IT investment is all too frequent at the moment. Any conscientious IT director must now be prepared to put their head above the parapet and lay down strict quantifiable criteria that any IT investment should meet.

Answer back

Do you have a fresh take on someone's opinion on this page, or somethign to say about a Computer Weekly article? E-mail [email protected]. Please include a daytime phone number.

Read more on IT risk management