Architecture & Design

Businesses must comply with an ever-increasing number of regulatory and legislative requirements that affect all levels of the organization. Enterprises need to apply effective controls that meet compliance requirements. Our Compliance practice can help your enterprise design a solution architected to ensure that access to sensitive systems and data can be controlled and audited.

Fundamental to our Compliance practice’s approach is the concept of Architecture and Design. The Architecture and Design concept proceeds from an understanding that a given enterprise is typically subject to multiple sets of overlapping regulations (Sarbanes-Oxley, Gramm-Leach-Bliley, PCI, FFIEC, NCUA, various state privacy laws and many others) that, within the context of its infrastructure, build an overall set of compliance requirements. In addition, an enterprise may have internally adopted a compliance framework such as CobiT or SAS 70 that will shape requirements. Finally, the enterprise will have its own set of internal information security and audit policies that create requirements to be fulfilled.

Addressing these various requirements incrementally over time can lead to an increasingly inefficient patchwork of compliance-related solutions that creates unnecessary costs for operations and maintenance. A better approach is to develop an architecture and design solution that distills the superset of relevant regulations and directives affecting an enterprise into a more concise and transparent set of requirements. Those requirements can then be mapped to a solution set consisting of technology tools and business processes that verifiably fulfill the relevant compliance requirements. A program to implement the necessary solution set can then be formulated on the basis of architecture and design. That program might be to roll out an entirely new solution set if there is none in place, or if the existing solution is considered obsolete. If a satisfactory but only partial solution is already in place, the program would cover integration of additional solution components to enhance or complete the existing solution set.