KuppingerCole Report
Advisory Note
By Matthias Reinwarth

Sustainable Infrastructures through IT Compliance

Well-designed, state-of-the-art compliance programs help in maintaining an adequate IT architecture and its underlying processes. Forward-thinking organisations understand compliance as a strategic and future-oriented business objective, embed IT Compliance and security into their organizational process framework, and transform compliance expenses into strategic budgets.

1 Management Summary

IT Governance as the sum of all policies, the organisational structure and the enterprise process framework must ensure that IT is implemented adequat ...

2 Highlights

  • IT Compliance and Risk Management must not be understood as an additional burden.
  • Embedding IT Compliance and Risk Management into all relevant bu ...

3 Introduction

This document suggests a paradigm change by understanding IT Compliance as a central corporate goal, thus enabling new synergies and fostering busines ...

3.1 Building blocks of IT Governance

IT Risk management is often considered to be a part of IT Governance. This discipline looks at threats and risks to information and the systems proces ...

3.2 Regulations and requirements

Many requirements are imposed on organizations based on national or regional legislation but also on the basis of their industry or the type of busine ...

3.3 Best practice frameworks

Identifying the applicable requirements is an important task. Once those have been determined, it is of course of importance to get to an adequate pro ...

4 Business values as the basis for a strategic IT compliance approach

Forward-thinking organisations build their corporate actions on a solid basis by defining corporate goals and pursuing them constantly. Extending typi ...

4.1 Identifying business values beyond mere regulatory compliance

An essential, strategic challenge for every organisation is the definition of adequate corporate goals. These goals ideally determine the bottom line ...

The important step that should be taken up-front is to understand that a change in focus is required. Taking additional or modified enterprise objecti ...

4.2 Building on a mature GRC program

Companies in the financial services sector were among the first that had to get used to various national, international and sector-specific standards ...

4.3 Understanding external and legal requirements as success factors

Being compliant to legal requirements has typically not been considered as a main objective for organisations. But once it is understood that the fail ...

An adequate definition of corporate objectives between traditional market oriented goals and secondary goals as described above needs to be accepted a ...

4.4 Changes in business models and IT

Many factors influence the changes that can be currently seen and that will have an impact on the way we do business today and even more tomorrow. Now ...

4.5 From external requirements and corporate objectives to a policy framework

An essential part for defining the necessary requirements is the set of external laws and regulations to be met. Understanding which legal and regulat ...

The high level of abstraction for these documents implies that not all internal or external requirements need to be codified within corporate policies ...

5 IT Compliance and IT Security by design

With the increasing number of legal requirements as well as the growth in individual requirements, many organisations must identify the right contr ...

5.1 Determining and documenting business benefits

Embedding the demands resulting from IT Compliance into robust and secure IT processes and technologies is both a challenge and an opportunity for man ...

The following two sections illustrate potential benefits as examples for the advantages that can be gained from the suggested approach.

5.2 Potential benefits for breach and incident management

Breach and incident management systems are designed to achieve a controlled and proactive approach to handling security threats and incidents. They im ...

5.3 Potential benefit for infrastructure management and sustainability

A strong level of control over corporate IT systems, no matter whether they are in the cloud, on premises, or a hybrid, helps in achieving a much bett ...

Maintain policy ...

6 Recommendations

One main conclusion is that implementing IT Compliance as a corporate objective needs to be understood and facilitated not only within IT but also fro ...

©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and in making better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.