Mountainview ITSM 


 Sale   ITIL  PRINCE2  20000  27000




eLearning  Virtual  Classroom  Exam Only  more




License  Corporate




Free downloads  Accredited  Primers  Reviews  Trainers Careers  Contacts  Consult & Audit  Search

Regulatory Compliance

Many public companies are required to comply with regulations that govern and control their industry. For example, an HMO in the healthcare industry must comply  with the regulations specified by HIPAA to ensure that health records are protected, secured and access is authorized. 

Another example is Sarbanes-Oxley (SOX), the accuracy and timeliness of financial reporting relies heavily on a well-controlled IT environment. The Sarbanes-Oxley Act was enacted by Congress in 2002.  Essentially, the Sarbanes-Oxley Act establishes new standards for corporate accountability by requiring companies to assess and report the effectiveness of control procedures for financial reporting.  CxOs must certify and provide quarterly and annual reports to the SEC. Management must accept responsibility for the effectiveness of its internal controls, evaluate the effectiveness using suitable control criteria, and support this evaluation with sufficient evidence (such as records to validate the intent). Then internal and external auditors are required to verify and attest to these controls.  This places an unexpected burden on IT organizations because it represents a drastic shift in what they are now required to provide. Since the accuracy and timeliness of financial reporting depends on a well-planned and well-controlled IT environment, IT organizations must not only provide various forms of control documentation (as seen in the forms of manuals, flowcharts, memoranda, etc.), but also documentation about the effectiveness of those controls.

Many organizations simply don’t have mature IT processes in place to hold IT accountable.  IT service providers are relying on ISO 20000, ITIL, ISO 27000, and COBIT, to assist them in attaining regulatory compliance through IT governance.  According to the COSO Enterprise Risk Management method ,achieving internal controls require the following:

  • Internal Environment
  • Setting Objectives
  • Event Identification
  • Risk Assessment
  • Risk Responses
  • Control Activities
  • Information and Communication
  • Monitoring

Accordingly, Internal Control is a mandatory requirement for regulatory compliance [SOX, Bill198, HIPAA, BASIL2, GAAP, GAMP, ...].  Since IT is an integral part of the business, internal and external auditors will require that the IT organization demonstrate their internal controls.   But many IT organizations don’t yet have these internal controls in place. A company must first ask itself whether it is in control of the IT services required for business operations. If the answer is no, the next step is to use ISO 20000, ISO 27000, and COBIT to enable internal IT controls. 

Rapid ITSM enables this internal control by leveraging by providing documented evident to auditors.  Rapid ITSM is a non-proprietary open system that is anyone can use without extensive training.

Contact us for a webinar so we can demonstrate Rapid ITSM to you, no vapour-ware or smoke and mirrors, just that facts. 

World-wide Accedited ITIL Training and Courseware

Contact us   Accreditation   About us   Partners   Consultancy   Careers   Alumni   Mobile

Service Desk

   USA:   +1.718.618.9983

   Canada/Worldwide: +1.613.596.5170

   Hours:    M-F  9-5   UTC/GMT-5: USA EST



   Click here for more contact information


Mountainview ITSM 1992-2016

Trademarks and Terms & Conditions of Use

No part of this website may be reproduced in any form without the written permission of both the Mountainview and AXELOS Limited. Permission can be requested at Mountainview and

ITIL EXIN Accredited

AXELOS Partner

TwitterGoogle +1StumbleuponFacebook LikeLinkedinPinterest