
Here Mark Melillo, President and Founder, discusses why its industry-recognized thought leadership enables the company’s associates to identify and implement business and technology solutions to produce cost savings and high return on investment while mitigating risk and ensuring compliance.
How can companies successfully align business, IT and compliance management issues?
MM. Before the decision-making occurs, companies need to establish an understanding of what the ‘real’ issues are. Once these issues are clearly defined and agreed upon, companies can better develop a plan for alignment. For example, cutting costs is one way companies might attempt to align these business areas; however, for companies to see effective investment return from their cost cutting, they also need to improve their efficiency and productivity. By implementing a solution that seamlessly integrates with, and leverages, their existing infrastructure investment, companies can streamline their processes and create a more flexible and proactive IT environment.
An effective IT service management solution enables a company to manage the most critical business applications and transform the IT environment from one of reactionary and maintenance response to one that can be innovative… all while reducing costs and improving service levels.
Mitigating the risk of compliance failure is a growing business concern, especially amongst IT departments. What factors do companies need to consider when approaching this increasingly important issue?
MM. It’s a cliché, but you need to know what you don’t know. It’s crucial for an organization to be able to step back and engage in an independent audit or assessment to review its current practices and policies. How manually intensive are they? Do the policies deal with just one area of the business or are they encompassing?
Once a company has the results of an audit, it can identify what changes are needed and the best way to implement them. That’s really the beginning of becoming compliant. For example, do you need to implement an enterprise management solution or address data retention and recovery to meet specific compliance regulations? Once these solutions are in place, the organization can concentrate on whether they need to be compliant at any cost, or can they manage the cost effectively and sustain it.
Industry analysts are saying that almost half of larger companies will divert 15 percent of their IT budgets to SARBOX compliance. When you consider that a business may face additional compliance requirements, it’s obvious that achieving cost efficiency while meeting these ongoing requirements can substantially impact corporate expenditures. And remember that compliance does not have to be a zero return investment. Best practices and solutions put in place can help to realize cost savings and increase an IT organization’s business impact.
And how can Melillo help address the challenges presented by an increased focus on regulatory compliance?
MM. Melillo provides solutions that can help lower compliance costs through pre-audit preparations, post-audit remediation and ongoing operational improvements. Our compliance solutions help ensure that regulatory compliance issues are adequately addressed to mitigate the risk that may adversely impact legal, financial and brand integrity aspects. We assess validation strategies, development methodologies, company policies, procedures and techniques and provide viable solutions to help ensure regulatory compliance for legislation such as Sarbanes-Oxley, HIPAA and FFIEC.
Could you provide us with an example of how you have helped a particular company meet these needs?
MM. We work with large enterprise companies to help them be compliant. For example, we’ve worked with a large casino providing gap analysis and the appropriate solutions that go with it. We assisted a top pharmaceutical company in reviewing their security and compliance policies and updating them to meet current regulations without negatively impacting their IT environment. As for specifics, as with many companies, our customers are unable to publicize the details of the solutions we provide.
Looking forward, what trends/developments do you see influencing this space over the next few years?
MM. One trend we see is that the product cost is decreasing to levels that allow companies to choose the solutions they use to become compliant across the organization. For example, healthcare companies are finding that in some cases it’s simply easier to encrypt all their data as opposed to the specific data mandated by HIPAA.
As companies work to meet compliance regulations by capturing, archiving and retrieving data, we are starting to see trends that indicate that this same data is becoming of value to other parts of the organization, such as customer information, marketing information, etc.