Like other public companies that handle credit cards, Alviso, Calif.-based TiVo faces a double whammy: meeting the requirements of the Sarbanes-Oxley Act and the Payment Card Industry Data Security Standard. Through a savvy combination of proactive auditor relations, automation and simplification, however, the company has significantly cut the time and effort it spends dealing with compliance issues.
“We’ve saved two-thirds of the time and one-third the effort we used to expend dealing with audits,” says TiVo Director of IT Richard Rothschild, who spoke at the recent Network World IT Roadmap Conference & Expo in Santa Clara, Calif. “And that can only get better as time goes on.”
A key strategy for TiVo is to be more proactive during audits. Rather than waiting for the auditors to tell Rothschild’s staff what they need, the staff and relevant business managers sit down with the auditors beforehand to decide upfront what the audit should cover. “This helps us limit the scope to just what the auditors need to determine whether we’re compliant,” he says. “It avoids a lot of creep.”
In the past, auditors tended to ask a lot of questions and go down roads that led to more work but didn’t necessarily help determine TiVo’s compliance posture. By being more proactive, TiVo has eliminated such fishing expeditions. For example, a typical audit may need to test and verify the file-recovery system for a Network Appliance device. “We sit down and define exactly what the test is, what it means and how it should verify compliance,” Rothschild says. “Then everybody is clear on where we’re going to end up. It reduces the work — and the cost — for everybody.”
Once TiVo and the auditors agree on the scope, the company saves even more time and money by automating as many back-end auditing-related processes as possible. For example, a typical SOX audit requires TiVo to prove that terminated employees no longer can access its network. In the past, proving such compliance would mean checking a list of terminated employees against Active Directory, then checking VPN logs to see if any recently terminated employees had tried to log on. The process could take a couple of staff as long as two weeks.
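The manual check described above (the terminated-employee list against the directory, then against VPN logs) can be scripted over exported data. This is an added example, not TiVo's code; the CSV layouts, account names and VPN log format are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample data: HR termination list, directory export, VPN log.
TERMINATED = "user,terminated_on\njdoe,2007-08-01\nasmith,2007-08-10\nbwong,2007-08-15\n"
DIRECTORY = "user,enabled\njdoe,false\nasmith,true\nbwong,false\nmlee,true\n"
VPN_LOG = r"""2007-07-30T09:12:00 jdoe LOGIN_OK
2007-08-03T22:41:00 jdoe LOGIN_FAIL
2007-08-11T07:05:00 CORP\asmith LOGIN_OK
2007-08-12T10:00:00 mlee@corp.example LOGIN_OK
truncated line
"""

def norm(name):
    # Reduce DOMAIN\user and user@domain forms to a bare lower-case account name,
    # so the same person matches across HR, directory and VPN records.
    return name.split("\\")[-1].split("@")[0].strip().lower()

def load_terminations(text):
    # Map account name -> termination date (midnight at the start of that day).
    return {norm(r["user"]): datetime.strptime(r["terminated_on"], "%Y-%m-%d")
            for r in csv.DictReader(io.StringIO(text))}

def still_enabled(terminated, directory_text):
    # Terminated accounts that the directory export still lists as enabled.
    enabled = {norm(r["user"]) for r in csv.DictReader(io.StringIO(directory_text))
               if r["enabled"].strip().lower() == "true"}
    return sorted(set(terminated) & enabled)

def post_termination_logons(terminated, log_text):
    # VPN logon attempts (successful or failed) made on or after the termination date.
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or truncated log lines
        ts, user, result = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
        account = norm(user)
        if account in terminated and when >= terminated[account]:
            hits.append((account, ts, result))
    return hits

if __name__ == "__main__":
    gone = load_terminations(TERMINATED)
    print("Still enabled:", still_enabled(gone, DIRECTORY))
    for hit in post_termination_logons(gone, VPN_LOG):
        print("Logon after termination:", hit)
```

Failed attempts are reported alongside successful ones, since the audit question is whether a terminated employee tried to log on, not only whether they got in.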