Do you have a process for evaluating tools and platforms to see if they’re compliant with your industry’s regulations?
Field CTO in IT Services, a month ago
As part of vendor qualification you would want to ask them about relevant standards and regulations, and ask them to evidence their current levels of compliance, as well as any plans to obtain (if they are not yet compliant) or recertify that compliance. Organisations operate within a regulatory or statutory context - you need to ensure you are not diluting or knowingly weakening your compliance position by making uninformed choices.
VP of IT, a month ago
Yes, we do have a rigorous process for evaluating tools and platforms to ensure they are compliant with our industry's regulations. In the banking and finance sector, adherence to regulatory standards is not optional—it's a fundamental requirement. Our evaluation process is designed to thoroughly assess compliance with all relevant legal and regulatory frameworks before any tool or platform is implemented.
Director of IT in Government, a month ago
Ours is called an Approval to Operate process. It focuses a lot on the security aspects but does cover other regulations too, like privacy. It involves a lot of documentation of what we are using, how it will be set up, privacy assessments, processes like incident management and DR, compliance with the relevant standards, etc. The output goes to senior management for approval, and also produces a hitlist of improvements for you to report progress against.
If most of the compliance needs are met, we are ready to evaluate the vendor further, though not necessarily onboard them immediately.