Ensure Compliance with External Requirements
Effective oversight of compliance requires the establishment of a review process to ensure compliance with laws, regulations and contractual requirements. This process includes identifying compliance requirements, optimizing and evaluating the response, obtaining assurance that the requirements have been complied with and, finally, integrating IT’s compliance reporting with the rest of the business.
Identification of External Legal, Regulatory and Contractual Compliance Requirements
Identify, on a continuous basis, local and international laws, regulations, and other external requirements that must be complied with for incorporation into the organization’s IT policies, standards, procedures and methodologies.
There are no PSGs published for this topic; however, the topic is under review for future PSGs.
Optimization of Response to External Requirements
Review and adjust IT policies, standards, procedures and methodologies to ensure that legal, regulatory and contractual requirements are addressed and communicated.
There are no PSGs published for this topic; however, the topic is under review for future PSGs.
Evaluation of Compliance with External Requirements
Confirm compliance of IT policies, standards, procedures and methodologies with legal and regulatory requirements.
There are no PSGs published for this topic; however, the topic is under review for future PSGs.
Positive Assurance of Compliance
Obtain and report assurance of compliance and adherence to all internal policies derived from internal directives or external legal, regulatory or contractual requirements, confirming that any corrective actions to address any compliance gaps have been taken by the responsible process owner in a timely manner.
There are no PSGs published for this topic; however, the topic is under review for future PSGs.
Integrated Reporting
Integrate IT reporting on legal, regulatory and contractual requirements with similar output from other business functions.