Mountainview ITSM


ITIL  20000  27000  more


eLearning  Virtual  Classroom  Exams


License  Corporate


Contacts  Downloads  Reviews  Search

ITIL 4 Foundation Sale

ITIL V3 Foundation Sale

ITIL V3 Intermediate Sale

ITIL V3 Expert Sale

Regulatory Compliance

Many public companies are required to comply with regulations that govern and control their industry. For example, an HMO in the healthcare industry must comply  with the regulations specified by HIPAA to ensure that health records are protected, secured and access is authorized. 

Another example is Sarbanes-Oxley (SOX), the accuracy and timeliness of financial reporting relies heavily on a well-controlled IT environment. The Sarbanes-Oxley Act was enacted by Congress in 2002.  Essentially, the Sarbanes-Oxley Act establishes new standards for corporate accountability by requiring companies to assess and report the effectiveness of control procedures for financial reporting.  CxOs must certify and provide quarterly and annual reports to the SEC. Management must accept responsibility for the effectiveness of its internal controls, evaluate the effectiveness using suitable control criteria, and support this evaluation with sufficient evidence (such as records to validate the intent). Then internal and external auditors are required to verify and attest to these controls.  This places an unexpected burden on IT organizations because it represents a drastic shift in what they are now required to provide. Since the accuracy and timeliness of financial reporting depends on a well-planned and well-controlled IT environment, IT organizations must not only provide various forms of control documentation (as seen in the forms of manuals, flowcharts, memoranda, etc.), but also documentation about the effectiveness of those controls.

Many organizations simply don’t have mature IT processes in place to hold IT accountable.  IT service providers are relying on ISO 20000, ITIL, ISO 27000, and COBIT, to assist them in attaining regulatory compliance through IT governance.  According to the COSO Enterprise Risk Management method ,achieving internal controls require the following:

  • Internal Environment
  • Setting Objectives
  • Event Identification
  • Risk Assessment
  • Risk Responses
  • Control Activities
  • Information and Communication
  • Monitoring

Accordingly, Internal Control is a mandatory requirement for regulatory compliance [SOX, Bill198, HIPAA, BASIL2, GAAP, GAMP, ...].  Since IT is an integral part of the business, internal and external auditors will require that the IT organization demonstrate their internal controls.   But many IT organizations don’t yet have these internal controls in place. A company must first ask itself whether it is in control of the IT services required for business operations. If the answer is no, the next step is to use ISO 20000, ISO 27000, and COBIT to enable internal IT controls. 

Rapid ITSM enables this internal control by leveraging by providing documented evident to auditors.  Rapid ITSM is a non-proprietary open system that is anyone can use without extensive training.

Contact us for a webinar so we can demonstrate Rapid ITSM to you, no vapour-ware or smoke and mirrors, just that facts. 

World-wide Accedited ITIL Training and Courseware


Contact us  Primers   Accreditation  About us   Consult & Audit  Partners   Alumni   Trainers  Careers

AXELOS Partner

TwitterGoogle +1StumbleuponFacebook LikeLinkedinPinterest

   Mountainview ITSM 1992-2018

Trademarks and Terms & Conditions of Use

No part of this website may be reproduced in any form without the written permission of both Mountainview and AXELOS Limited. Permission can be requested at and