This article is from the upcoming Spring 2005 issue of Hospitality Upgrade magazine. To view more articles covering technology for the hospitality industry please visit the Hospitality Upgrade Web site or to request a free publication please call (678) 802-5307 or e-mail.
by Dorian Cougias, March 2005
The spring issue of Hospitality Upgrade proves that regulatory compliance is not just about Sarbanes-Oxley (SOX), Visa CISP or CA 1386. It is a combination of them all. Almost every organization today – and not just within the hospitality world – falls under multiple regulatory realms. It is not enough just to have a SOX plan or a Visa CISP plan.
Most of us are realizing that we are moving past the initial regulatory scramble and have to create a regulatory posture for the organization. In other words, compliance isn’t like Y2K – there isn’t a magical date when it will all go away and we can resume our normal lives. It’s here to stay, and if we are going to become truly compliant within the industry, we are going to have to move past looking at each regulation and standard and move into a compliance mode wherein we adopt an over-arching compliance framework that guides our efforts.
There are both strategic and tactical benefits to guiding our organizations toward a compliance posture on the part of IT leadership and day-to-day management. At the strategic level, stronger oversight of compliance efforts, more consistent measurement and reporting (leading to better long-term insight into the business’ objectives), and reduction of redundant and inconsistent development lead the IT benefits.
At a management level, the approach focuses attention on IT oversight and spurs the inclusion of IT managers in higher level organizational planning. At the corporate level, centralized and standardized compliance can leverage resources and processes across multiple initiatives. IT is then able to cut implementation costs and timelines; otherwise unfunded operational efficiencies can be bundled into compliance efforts, freeing up needed (and scant) resources for new business development.
And yes, there are the dollars saved to be measured. My own research at Network Frontiers, through joint projects with Symantec, has led us to conclude that some organizations adopting an over-arching compliance posture can cut compliance costs by a 3-to-1 margin, while a recent report by Gartner Inc. anticipates that companies adopting a compliance management posture will spend up to 50 percent less on compliance by 2006 than companies without one. The reason is simple: there is only so much to protect, and all of the regulations and standards have the same goals of ensuring accountability through assuring confidentiality, integrity and availability.
“When it really gets down to it,” said Dr. Stuart Broderick, director of global services development at Symantec, “everything within the world of compliance can be broken down into protecting the input, the process and the output (or data) within the realm of technology.” SOX is about assuring internal controls (input, process and output) for financial reporting, among other things. CA 1386 is about assuring information integrity (input and output) of personal information. And Visa CISP is about protecting the entire transaction from input through process through output.
The Framework Can Make All the Difference
The biggest problem with the regulations per se is that while they have IT operational implications, they don’t provide for specific IT solutions. Visa CISP’s guidelines are the closest to describing the problem and prescribing the solutions, but even those guidelines are broad and shallow.
But that doesn’t mean that IT managers have to wonder where to turn for guidance. An abundance of compliance frameworks and specific control objectives are already in place to provide guidance for compliance directions. See the sidebar (pg. 134) for some examples.
Moving Toward a Unified Approach
Many organizations are using a combination of frameworks, such as marrying COSO, ISO 17799 and CobiT together with internally developed best practices. This clearly seems to be the trend for organizations across the board. Likewise, auditing tools like Systems Continuity Plan Pro from Palo Alto Software (http://www.scplans.com) have integrated multiple frameworks and regulations into their audit platform. This provides what Jake Weatherly, Continuity Plan Pro’s product manager at Palo Alto Software, calls a unified approach to regulatory compliance. Weatherly said, “Most companies that use SCPP are already under multiple regulations, so we made sure we asked audit questions that were unified across the board, and referenced regulatory frameworks such as COSO, CobiT, ISF, FFIEC and OECD so that every organization can feel comfortable that they are covered.”
Is Palo Alto headed in the right direction? Liebert Power and Symantec think so – both companies have licensed Continuity Plan Pro as a vehicle for their representatives and consultants to ensure their respective clients’ best practices for business continuity and compliance.