JUser: :_load: Unable to load user with ID: 324
No one enjoys an audit. You know that compliance and security are vital areas for your IT department, but facing an audit in these areas is like heading to the dentist for a root canal. Audits always seem to come at the wrong time. And it doesn’t help that no matter how prepared you think you are, the compliance auditor is going to find something wrong — after all, they have to keep their job.
Fortunately, you don’t have to suffer with anxiety every time a security or compliance audit is announced. By proactively addressing compliance and security issues, and performing regular checks that make compliance a year-round focus instead of an annual scramble, your IT department can rest easy when the auditor shows up.
Here’s what you can do to handle compliance issues regularly and stay prepared for audits 365 days a year, while also handling your day-to-day IT project load.
Plan (and budget) compliance work for IT every year
Like most of the IT industry, compliance and regulations change continually. It’s essential for your IT department to work proactively on compliance every year, rather than simply catching up before (or after) an audit. The best solution here is to plan realistic budgets and implement new compliance measures as they come up, instead of waiting for an auditor to point out the fact that they’re missing.
Designate a compliance control point
Rather than spreading compliance tasks through your IT team on an as-needed basis, which often results in a last-minute rush before an audit, appoint one person as your compliance central command to plan and budget your needs. This ensures someone is always keeping an eye on compliance, and you’ll know about potential problems before they become major issues.
Some of the responsibilities for your control point should include:
- Reading the latest compliance and security publications
- Attending conferences on new or changing regulatory and security measures
- Scheduling the IT work required to ensure consistent compliance
Perform regular self-audits
Waiting for your regulators to show up for an audit can throw your IT department into a minor panic. To help control audit fever, create a regular audit schedule and perform “dry runs” with either internal auditors, or a third party that is separate and distinct from your regulators. In addition to helping your department understand and experience audits, these practices also help to strengthen your company’s security and governance positioning.
Prep a single file for your documentation prior to an audit
When you have an upcoming audit, prepare a single binder or efile that contains all of your documentation for compliance, including procedures, policies, system flow diagrams, and anything relevant that pertains to governance or security. Presenting this file to an auditor not only makes their job easier, but also creates a favorable first impression of your preparedness — which can positively impact your overall assessment.
By taking proactive steps to address security and compliance issues before audits happen, you and your IT department can ease audit anxiety and come through the experience quickly and painlessly. Speak to the staffing experts at The Armada Group today, to ensure your company is compliant and to ensure all your staffing needs are met.
Minnie Yuan, Video Test Engineer at Cisco
For over a year now, Minnie Yuan has been a team member of The Armada Group working as a Video Endpoint Test Engineer for Cisco Systems, Inc. Prior to working for Cisco, Minnie attended the University of Massachusetts and graduated with a M.S. in Computer Engineering where she began working for High Tech company in Massachusetts. In 2000, Minnie relocated to California to explore her opportunities in the world-renowned Silicon Valley. When she reflects on the advantages of the West Coast, she comments, “With so many companies in [the] Silicon Valley, we [engineers] definitely have an advantage with working for different companies with software testing experience and expertise.” Through Minnie and Armada’s team effort, she was connected to such an experience, and has since enjoyed working with Cisco’s TelePresence System.
Discussions about Storage, Consulting Best Practices, and Cloud!
Earl has worked with Armada for our client SCEA (Sony Computer Entertainment America, LLC, the makers of PlayStation) for just under a year, and he has an impressive 15+ year background in storage and network, which has given him the opportunity to work at companies such as, Honeywell Aerospace, NetApp, FormFactor Inc., and various positions in IT for the State of California. We caught up with Earl last month to discuss trending topics in storage and NetApp and how his role at Sony CEA is affected by the cloud. In his current role with Armada, he is working for SCEA on performance management and storage.
Interview with Jeff Macias a Video Training Expert at eBay
We recently sat down with team member Jeff Macias, a Video Training Expert at eBay, and discussed how he keeps up with the fast paced world of video communications and his thoughts on the future of video education in enterprise companies. Jeff is a recognized expert in the video training field, with his areas of expertise being: Dreamweaver, iMovie, Flash, Photoshop, Audacity, Podcasting, RSS Feeds and HTML. His degree in Radio Television Film and minor in Communications of the Information Age at San Jose State prepared him for the current job he is doing at eBay.
The crux of the discussion was around the statement “cloud is an applications centric operations model”. The discussion focused on two different issues;