Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002

Public Companies over 75 million already need to comply by 12/15/2007...

Will your SMB be Ready?



April 18th, 2008

Compliance Results among Small Businesses

ITPolicyCompliance.com

Performance Results: Small Business

The majority of small businesses - those with revenue, assets under management or budgets of less than $50 million - are performing at the norm when it comes to compliance results (Table 1).

Table 1: Small Business Compliance Results

                           Small businesses   All organizations, private and public
Laggards (More than 15)    20%                21%
Norm (3 to 15)             69%                70%
Leaders (Less than 3)      11%                9%
Source: ITPolicyCompliance.com, 2006

Compliance Results: Size Does Not Matter

The compliance performance results for small businesses are nearly identical to the performance results for all organizations. Despite slight differences, the smaller size - and presumably fewer available resources - does not materially influence compliance performance results among small businesses.

Strategic Actions to Improve Results: Mixed Results

The top five prioritized strategic actions taken by small businesses do not match, one for one, the strategic actions being taken by organizations with the best (fewest deficiencies) compliance results (Table 2).  

Moreover, increasing the frequency of monitoring - the key factor determining results - is not emphasized enough by most small businesses. On average, small businesses are conducting IT audit, monitoring and reporting once every 200 days: far short of the once every 21 days of the industry leaders.

Table 2: Top Five Strategic Actions for Compliance

Compliance leaders

1. Documented business procedures, IT assets and IT controls
2. Changed business procedures to comply with mandates
3. Automated monitoring and reporting to improve results
4. Automated configuration and controls management
5. Increased the frequency of monitoring, measurements and reporting

Small business

1. Automated IT configuration and controls management
2. Automated monitoring and reporting
3. Changed business procedures to comply
4. Automated IT security controls and procedures
5. Delivered training and accountability to employees

Source: ITPolicyCompliance.com, 2006

Guidance Recommendations:

Guidance for small businesses, based on fact-based benchmark results, includes:

  • Document business procedures, IT assets and IT controls
  • Increase the monitoring of IT policies, controls and audit logs to monthly or more frequently
     

© IT Policy Compliance Group, 2006
