Compliance Audit Tools and Resources:

Historically, compliance audits were difficult and costly, driving many organizations to choose to assume the risk of not really knowing the organization's posture in terms of compliance. Today, a number of software solutions are able to reach out into a network and perform controls and configuration testing against a set of criteria matched to specific laws, regulations, and statutes. Commonly available software tests for the Sarbanes-Oxley Act (also known as SOX), the Payment Card Industry Data Security Standard (PCI-DSS), and the Health Insurance Portability and Accountability Act (HIPAA), with variations among product packages as to other functionality that can be tested.

The CIO of a local medical device company is concerned about how well his employees are complying with the laws and regulations that apply to his organization. He asks you to research and deliver recommendations for the tools and resources you will need to purchase a suitable software package. Following that recommendation, you are to use the software to determine the level of compliance and to identify any areas of weakness. Finally, you are asked to report back to him on mitigations that will strengthen the organization's regulatory compliance posture.

• The assignment does not have to be no more than 1 page.
• Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
• Describe the steps necessary to determine what laws, regulations, and statutes impact this organization.
• Identify the process to select the appropriate compliance software for this organization.
• Explain the selection of team members and process steps from selection of the compliance software through creation of the recommendations for mitigation.