NetIQ | An Attachmate Business

IT Compliance

IT compliance is the process of ensuring the organization is implementing and maintaining effective controls that meet or exceed the requirements set forth in policy or other mandates. In doing so, management helps ensure it is operating within the risk appetite of the organization.

IT security and change controls are a large part of the control structure, especially general controls (the foundation on which effective application controls can be built). These encompass all three types (organizational, management and technical) and are the focus of IT compliance programs.

Risk management is often described as the next wave of IT compliance. This is evident in standards and frameworks such as COSO’s Enterprise Risk Management Integrated Framework, ISACA’s Control Objectives for Information and Related Technology (COBIT), ISO/IEC 17799:2005 (and equivalents), and others.

NetIQ Compliance and Risk Management Methodology

NetIQ has defined a three-stage methodology for compliance and risk management. This methodology is based on principles from leading compliance and risk management frameworks such as COSO’s Enterprise Risk Management Integrated Framework, ISACA's Control Objectives for Information and Related Technology (COBIT), the National Institute of Standards and Technology (NIST) risk management framework (based on numerous Special Publications and Federal Information Processing Standards), and others.

Unlike these frameworks and models, however, our methodology provides the flexibility to fit almost any process that has been implemented by a specific organization.

Featured IT Compliance Solutions

There are three stages to NetIQ’s methodology for an effective approach to IT compliance and risk management.

  • Assess
    A review, inventory, and audit of the IT infrastructure for compliance with SLAs, OLAs, and policies as well as vulnerabilities and exposures.
  • Operate
    Daily monitoring and administration to meet policies, including detecting and responding to service problems, security breaches, and unauthorized or potentially damaging changes.
  • Control
    The implementation of preventive or corrective controls to mitigate the risks of compliance exceptions or security breaches.