Learn the science of compliance to survive

31.07.2006

In addition, Sarbanes-Oxley mandates that internal controls and financial reporting procedures be evaluated annually to see if they're adequate. The amount of controlled data is often massive, and logging, archiving and being able to produce communications upon request is labor-intensive and costly.

Another important compliance issue is that some companies are concerned they're spending too much time wrestling with the details and appearance of compliance and not enough time on security in general. A recent Ernst & Young report suggests that companies are failing to look into vulnerability issues related to endpoint security for systems such as laptops, wireless networks and Internet telephony -- a dangerous development with potentially disastrous consequences.

The National Institute of Standards and Technology offers an introductory resource guide for implementing HIPAA, which can be found at http://csrc.nist.gov/publications/nistpubs/800-66/SP800-66.pdf. The Federal Trade Commission offers advice for complying with the financial privacy requirements of Gramm-Leach-Bliley at www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm. A growing number of consultancies have arisen that do nothing but guide companies through the thicket of compliance.

There are numerous software tools and hardware appliances available to help businesses manage each step of the compliance process. Mounting regulatory pressure has created several thriving markets for categories such as compliance monitoring and management software and unified threat-prevention systems, in addition to giving a boost to plenty of security and auditing tools that have been around for a long time.

Where once compliance was simply important, in today's business climate a slip outside the rules can have consequences that range from disastrous to fatal for a company. Organizations must also be able to prove they're compliant in case the feds come knocking at their doors. The bottom line: While regulatory compliance and other issues may seem insurmountable -- or at least overwhelming -- failure to meet requirements and mandates can and will result in stiff penalties. There's no choice but to bite the bullet and make use of the tools that are out there.