Before considering any overall or strategic objective on this issue, it is important to gain confidence in your underlying compliance level. Establishing your current compliance position is the first step to conformance.
This is much harder than it may superficially appear. For larger organizations, the position for each and every information system within scope needs to be established. This CAN be a very intensive and costly operation.
Having achieved this, plans then need to be created to ensure that the necessary improvements are implemented to move the organization as a whole forward towards the compliance objective. Again, this CAN prove to be very costly.
However, having completed this process, and having reached a broad compliance plateau, most of the hard work is done, and the risk profile of your organization will have been significantly reduced.
The next page will consider a method of simplifying the above and achieving compliance with minimum pain.
