Do you have a process for evaluating tools and platforms to see if they’re compliant with your industry’s regulations?

Director of Engineering, a month ago
Yes, definitely. When working with vendors, we often ask them directly about their compliance status. For example, we asked an insurance vendor if they were HIPAA compliant. When they were unsure, we sat down with them, reviewed the HIPAA compliance documentation, and mapped it line by line to their offerings. 

If most of the compliance needs are met, we are ready to evaluate the vendor further, though not necessarily onboard them immediately.

Field CTO in IT Services, a month ago
As part of vendor qualification, you would want to ask them about relevant standards and regulations, and ask them to evidence their current levels of compliance, as well as any plans to obtain (if they are not yet compliant) or recertify that compliance. Organisations operate within a regulatory or statutory context - you need to ensure you are not diluting or knowingly weakening your compliance position by making uninformed choices.

VP of IT, a month ago
Yes, we do have a rigorous process for evaluating tools and platforms to ensure they are compliant with our industry's regulations. In the banking and finance sector, adherence to regulatory standards is not optional—it's a fundamental requirement. Our evaluation process is designed to thoroughly assess compliance with all relevant legal and regulatory frameworks before any tool or platform is implemented.

Director of IT in Government, a month ago
Ours is called an Approval to Operate process. It focuses a lot on the security aspects but does cover other regulations too, like privacy. It involves a lot of documentation of what we are using, how it will be set up, privacy assessments, processes like incident management and DR, compliance with the relevant standards, etc. The output goes to senior management for approval, and also produces a hitlist of improvements for you to report progress against.
