The introduction of the forthcoming EU compliance directive, 'EuroSOX', could be chaotic, the Information Security Forum (ISF) has warned.
The EU's landmark directives on corporate governance are due to start being passed into law by member states this summer, but already the ISF has spotted trouble ahead. The first problem is that each state will have to interpret and translate the collection of directives that make up EuroSOX, leading to subtle divergences of law between different states.
"EuroSox is intended to harmonize existing laws but a lack of clarity compounded by 25 translated versions and different interpretations of auditing rules could confuse the true meaning of the legislation and jeopardize its positive effect on internal risks and controls," said Andy Jones of the ISF.
This will give large enterprises a major compliance headache, potentially resulting in a different regime in every state in which they do business. In fact, according to the ISF, EuroSOX is also a much less ambitious directive than its U.S. equivalents, which could see it disregarded, if not ignored outright.
"While on the surface there are similarities, there are also significant differences. For example, Sarbanes-Oxley imposes greater corporate governance responsibilities, creates whistle-blowing processes, addresses identity fraud and sets high penalties for breaches. Most of these are absent from EuroSox, which is intended more as a way to monitor corporate governance, rather than to establish it," said Jones.
In the U.K., the directive will enter law as an amendment to the Companies Act, rather than as brand new legislation, the ISF noted.
"The degree to which these laws will be enforced by EU member states for the deadline this summer is currently unclear, but an aggressive approach to auditing and compliance could put a lot of pressure on information security departments and budgets."
If past experience of EU IT-oriented directives is anything to go by, the timescale for rolling out laws across the 25 countries will be as slow as it needs to be. The much-heralded Waste Electrical and Electronic Equipment (WEEE) directive on recycling went years over its original schedule in countries such as the U.K.
Comments (1)

RE: EU compliance laws heading for trouble
By Tom.Olzak on February 13, 2008, 1:43 pm
There's nothing wrong with monitoring for compliance if the EU members are willing to comply. This is always preferable to mandates. Let's see if EU businesses...