IS THIS YOU? – IT Manager / IT Director / CIO / CTO / Program or Product Management / Quality Manager

Roles, responsibilities and accountabilities are more than titles: in your current role you carry regulatory and legal obligations for and on behalf of your employer.

Non-compliance can mean many things.

You may face legal action. Corporate regulators may impose fines. Your insurers may cancel your policy. You may be sued for non-compliance. Shareholders may take action. Suppliers or customers may take legal action or seek damages. You may suffer damage to brand and reputation, and there goes your business.

The following questionnaire provides a quick review of where you or your organisation may be non-compliant (Australia only).

Compliance area – Standard or regulation

Professional Standards & Ethics:
  •  IT Security Governance
  •  Information security framework compliant with ISO 27001
  •  ISO 20000 International Standard for Service Management
IT Governance:
  •  AS 8015-2005 The Australian Standard for the Corporate Governance of Information and Communication Technology
  •  AS 8001-2008 Fraud and corruption control
  •  AS 8002-2003 Corporate governance – Organizational codes of conduct
  •  AS 8000-2003 Corporate governance – Good governance principles
  •  AS 3806-2006 Compliance programs
  •  ISO 17799 “Information Technology – Code of Practice for Information Security Management”
  •  AS 4590-2006 Interchange of client information
  •  ISO 27001/BS 7799 International Standard for Information Security Management Systems
  •  IT Security Governance Framework
  •  ISO/IEC 18028-4:2005 Information technology – Security techniques – IT network security – Part 4: Securing remote access
  •  ISO/IEC 18028-3:2005 Information technology – Security techniques – IT network security – Part 3: Securing communications between networks using security gateways
Regulation & Legislation for ICT:
  •  Corporations Legislation Amendment (Simpler Regulatory System) Act 2007 – Section 38, Subsection 314(1)
  •  Australian Companies Code (ASIC) auditing/certification conformance
  •  Software licensing/open source
  •  Outsourcing/offshoring/partnerships/contracts – frameworks and compliance policies, approved by the Board of Directors
  •  ISO/IEC 16085:2006 Systems and software engineering — Life cycle processes — Risk management
  •  Compliance with SOX, Basel II, IFRS, HACCP, etc.
Record Keeping:
  •  Information Privacy Principles [IPP] (Privacy Act 1988) and amendments
  •  National Privacy Principles [NPP] (Privacy Act 1988) and amendments
  •  Legal requirements for record keeping – electronic document management allows legally recognised documents used in e-commerce transactions to be created, transmitted and stored
Environmental Impact:
  •  ISO 14000 series of standards on Environmental Management Systems
Quality Assurance:
  •  AS/NZS 4801:2001 Occupational health and safety management systems
  •  AS/NZS ISO 9001:2008 Quality management systems
  •  AS/NZS 5050:2010 Business continuity – Managing disruption-related risk
  •  AS/NZS ISO 31000:2009 Risk management – Principles and guidelines

Take action

Contact us for a confidential assessment of your areas of compliance and the development of a roadmap to get you compliant and/or operating to world’s best practice standards.

This entry was posted in Business, Research.