IN THE EARLY TO MID-2000s, many large corporations suffered public failures. Since then, a number of compliance laws have been introduced. Many of these laws and regulations place an increased responsibility on information technology (IT) staff. This increased responsibility ensures they have proper information system controls throughout the environment to provide the necessary security of customer data. In addition, they ensure the integrity of the systems upon which business processes run.

Compliance goes beyond just conforming to internal policies and standards. Compliance extends outside of the organization, mapping to external regulations and industry standards. Regular assessments ...