Ensure Compliance with External Requirements

Effective oversight of compliance requires the establishment of a review process to ensure compliance with laws, regulations and contractual requirements. This process includes identifying compliance requirements, optimizing and evaluating the response, obtaining assurance that the requirements have been complied with and, finally, integrating IT’s compliance reporting with the rest of the business.

Identification of External Legal, Regulatory and Contractual Compliance Requirements

Identify, on a continuous basis, local and international laws, regulations, and other external requirements that must be complied with for incorporation into the organization’s IT policies, standards, procedures and methodologies.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Optimization of Response to External Requirements

Review and adjust IT policies, standards, procedures and methodologies to ensure that legal, regulatory and contractual requirements are addressed and communicated.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Evaluation of Compliance with External Requirements

Confirm compliance of IT policies, standards, procedures and methodologies with legal and regulatory requirements.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Positive Assurance of Compliance

Obtain and report assurance of compliance and adherence to all internal policies derived from internal directives or external legal, regulatory or contractual requirements, confirming that any corrective actions to address any compliance gaps have been taken by the responsible process owner in a timely manner.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Integrated Reporting

Integrate IT reporting on legal, regulatory and contractual requirements with similar output from other business functions.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.