The first steps in the compliance assessment are to:

• Identify process owners, affected resources, applications, relevant logs, and data related to the compliance initiative.
• Review policy and processes in order to determine which of these will be affected in the compliance initiative, or exist already to meet compliance needs.

Estimate the impact that compliance demands will have on IT using the "Compliance Impact Assessment" tool. Next, use the "Internal Control Identification Tool" to conduct an inventory of all controls present within the organization. The tool will recommend the implementation of these controls based on selected answers. Finally, assess IT policy gaps by completing the "Policy Assessment Tool."

Managing compliance efforts like any other project is necessary for the successful implementation of the compliance project. Communicate compliance gap measures by developing a work plan for all compliance tasks, and managing change through strong internal communication practices.

• Use the "Work Plan Template" to plot out tasks, scheduling, and estimated budgets for compliance-driven projects. The "Change Communication Worksheet" can be used to communicate projects and compliance-driven change to stakeholders. Fill in the blanks and follow recommendations to improve the flow of communication around compliance initiatives.

Keeping track of the costs and milestones of compliance-related tasks is essential to managing each project. Effective monitoring of scheduled tasks will ensure that the compliance project comes in on time and within budget.

• Use the "Project Status and Cost Report" tool to monitor compliance projects by inputting project schedule and cost estimates, and monitoring milestone dates to ensure your compliance initiatives are on track.

The first steps in the compliance assessment are to:

• Identify process owners, affected resources, applications, relevant logs, and data related to the compliance initiative.
• Review policy and processes in order to determine which of these will be affected in the compliance initiative, or exist already to meet compliance needs.

Estimate the impact that compliance demands will have on IT using the "Compliance Impact Assessment" tool. Next, use the "Internal Control Identification Tool" to conduct an inventory of all controls present within the organization. The tool will recommend the implementation of these controls based on selected answers. Finally, assess IT policy gaps by completing the "Policy Assessment Tool."

In this step, examine specific legislation, and industry-driven requirements to help determine what form the enterprise’s specific compliance initiatives will take. To help identify external requirements, use the Optimize IT tools that most closely correspond to your enterprise’s compliance needs:

• HIPAA Security Assessment Checklist. A checklist tool for healthcare industry enterprises bound by US Health Insurance Portability and Accountability Act (HIPAA) regulations.
• Gramm-Leach-Bliley Act Security Assessment Checklist. A checklist for finance and insurance sector enterprises based in the US, or otherwise bound by US legislation, for GLBA-specific security issues.
• SOX Compliance Assessment. An assessment for compliance with Sarbanes-Oxley regulations that applies to financial reporting and accounting practices for any organization that is publicly traded in any US stock market.
• Payment Card Industry Security Assessment Checklist. Applicable security standards for any enterprise that deals with electronic payment cards and the Payment Card Industry (PCI) standard.
• Federal Rules of Civil Procedure Readiness Assessment. A checklist covering requirements for compliance with the new Federal Rules of Civil Procedure (FRCP) established in 2006, covering e-mail and other data storage and retention issues.

Managing compliance efforts like any other project is necessary for the successful implementation of the compliance project. Communicate compliance gap measures by developing a work plan for all compliance tasks, and managing change through strong internal communication practices.

• Use the "Work Plan Template" to plot out tasks, scheduling, and estimated budgets for compliance-driven projects. The "Change Communication Worksheet" can be used to communicate projects and compliance-driven change to stakeholders. Fill in the blanks and follow recommendations to improve the flow of communication around compliance initiatives.

Keeping track of the costs and milestones of compliance-related tasks is essential to managing each project. Effective monitoring of scheduled tasks will ensure that the compliance project comes in on time and within budget.

• Use the "Project Status and Cost Report" tool to monitor compliance projects by inputting project schedule and cost estimates, and monitoring milestone dates to ensure your compliance initiatives are on track.

Reporting efforts to executives is a necessary part of any project, and is particularly important when it comes to compliance driven tasks. However, to be effective for executive reporting, a portfolio tracking project status should only highlight important project details as required.

• Record summary-level information from various "Project Status and Cost Report" entries into the "Compliance Portfolio Tracking Tool" to report on the high-level status of multiple on-going compliance projects to executives or external stake-holders