IT Compliance includes compliance with and implementation of legal, corporate and contract requirements: the goal is to deal with all aspects of information technology (IT) in a responsible manner.
IT compliance is particularly relevant for public limited companies and for private limited companies. Chairmen, CEOs and managing directors are accountable for the compliance with laws and regulations. Neglecting their obligation may lead to prosecution where civil law as well as criminal law may be applied. IT compliance is therefore not an end in itself. The provision of IT services according to the current technical standard in connection with the due-care standard runs like a thread through the entire business law. Legal compliance measures relate to companies, legal entities, managers and directors but also to supervisory bodies and employees. Therefore, IT also needs to deal with legal issues.
Due to the multitude of standards laypersons are facing the problem that they either do not know about a regulation or they do not know whether the rule is applicable to their IT operations. Therefore, the liability risk is relatively high.
IT compliance takes account of both compulsory (national/international law, EU law, etc.) and voluntary standards.
The following legal areas are relevant to IT compliance:
The aim of IT compliance is to ensure an extensive and lasting compliance with legal and corporate requirements. Among other things, this results in an advantage for business valuation and higher IT security by minimising risks. In addition, an appropriate IT compliance reduces the liability risk, optimises processes and finances, the corporate image can be improved, a competitive advantage can be established and not least the value of the company can be increased. IT compliance also enables management to save costs for example by recognising and avoiding overlicensing.
As personal liability of management only occurs in case of proven negligence, i.e. when systems below the current technical standard are used. CRISAM® points out the IT system’s vulnerabilities in a detailed manner and provides a separate content library for the assessment of the different legal areas: CRISAM® RV IT Legal Essentials Pack. This content library supports you in finding out in which legal areas measures for improvement have to be taken in order to bring down the liability risk, to keep it on a low level in the long run and to improve legal compliance in the company.
For each legal matter shown in the figure (IT-Legal Essentials) the CRISAM® IT Legal Essentials Pack provides a separate module. The verifiable laws are included as control objectives – which are explained thoroughly and comprehensibly – in the modules. Supported by the explanation it can be checked whether the laws are applicable to your IT operations or to specific IT services. Notice that only laws which are relevant to the company need to be assessed.
You can find further information on "IT Legal Essentials" in the relevant datasheet.