{"id":14270,"date":"2018-09-24T17:46:22","date_gmt":"2018-09-24T15:46:22","guid":{"rendered":"https:\/\/www.sms77.io\/blog\/compliance-and-it-interfaces-with-weak-points\/"},"modified":"2023-02-16T14:39:05","modified_gmt":"2023-02-16T13:39:05","slug":"compliance-and-it-interfaces-with-weak-points","status":"publish","type":"post","link":"https:\/\/www.seven.io\/en\/blog\/compliance-and-it-interfaces-with-weak-points\/","title":{"rendered":"Compliance and IT: Interfaces with weak points"},"content":{"rendered":"

Hardly any business process today works without IT support. Compliance is no exception. On the contrary, compliance is often a burden on the shoulders of the IT department. To implement all this across hierarchies, professional solutions are required.<\/strong>
\n
\nBetween lack of communication and technical barriers<\/h2>\n

In every company, compliance should not just be a key word on the fringes, but should actually be clearly defined across all levels and structures and adhered to. Normally, this includes nothing less than a highly complex set of regulations and behaviours. Whether it’s organizational measures, copyrights, license management or transaction analysis, compliance processes apply to all employees without exception, even though they are not applied by everyone to the same extent. The IT department is usually commissioned to carry out these processes, ranging from assigning authorizations in the file system to special applications for compliance processes.<\/p>\n

Although IT thus represents an essential interface between employees and company regulations, it often tends to develop a life of its own. Lack of communication between departments often leads to certain connections not being understood, and thus the clean execution of compliance is neglected.<\/p>\n

On the other hand, technical barriers and missing or underqualified specialist personnel hinder a thorough system analysis. Weak points remain undetected or are not corrected properly, and the entire company becomes vulnerable.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section>

IT compliance vulnerabilities<\/h2>\n

Information is already lost between individual departments during the basic instruction on regulations. New employees are trained on the side during the full daily workload, other specifications are passed on by word of mouth, as in a game of telephone, and thus distorted, or the technical jargon is simply not sufficiently broken down. Even employees who have been working for the company for years lose touch with innovations if the communication is not always clean and unambiguous.<\/p>\n

A still explosive example is the passing on of passwords. Time and again, incidents become known in which employees did not pass on their company passwords to natural persons, but used them to authenticate with services outside the company. As a result, passwords fell into the hands of third parties and were sometimes misused for hacker attacks on the company. One can assume that password compliance was not properly understood here.<\/p>\n

Even measures such as the four-eyes principle or detailed logging are only of limited help if employees literally carry company-specific data to the outside world. For example, data carriers such as USB sticks are regularly lost. A similar compliance violation confronted a semiconductor manufacturer with the worst-case scenario. Here an employee forgot to perform the prescribed virus scan of a downloaded file, and a virus entered the company network. Several company locations were threatened by a total loss of production.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/section>

<\/i><\/div>

Communication deficits<\/h4>