Compliance by Design: IT Controls that Work

CHAPTER 19: BRINGING IT TOGETHER

Making a case for change

When it comes to developing a business case for changing the way we envision, develop and implement IT controls, make every attempt to justify with metrics that are meaningful in the context of every-day operations, as opposed to point-in-time compliance.

As detailed in the prior chapter, the rate of failure seen in changes deployed in production, the mean time to repair a bug, the average time taken to remove access for a terminated employee, or per cent of failed back-up media, all convey a sense of urgency to keep the lights turned on.

Change does not have to come in the form of a neatly carved out compliance project. If anything, the label of compliance can spell doom from the start ...

Get Compliance by Design: IT Controls that Work now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Compliance by Design: IT Controls that Work by Chong Ee

CHAPTER 19: BRINGING IT TOGETHER

Making a case for change

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly