With the automation and strategic involvement of Information Technology (IT) in day-to-day operations, demand for IT compliance has increased marginally. While delivering services to clients, an organization is bound to meet several technical and legal obligations associated with IT compliance. There are several compliance rules and regulations that an organization needs to meet. These rules and regulations may be imposed by government bodies and may also include requirements arising from a customer's needs and demands. These compliance rules and regulations are not only important and necessary, but they also affect the overall operations of the organization. In order to comply with them, organizations set their own internal policies in line with the rules and regulations set by the government.
Organizations have to enforce these compliance rules and regulations with stringent processes and, at an appropriate frequency, generate compliance reports and evidence to justify their compliant business processes and operations.
The IT components that are people-dependent are also under the compliance umbrella. Further, all IT-enabled sectors and organizations are bound to meet the standard compliance at each stage of a service life cycle, such as Design, Build, Migrate, Operate, Improve, and Govern. In order to meet the applicable standards, IT organizations need to individually analyze each and every compliance requirement. These requirements may vary from organization to organization based on the elements and profiles of the organization. As a result, each compliance rule needs to be individually analyzed and modelled accordingly to check the compliance of the IT organizations. The architecture of existing compliance auditors 102 is disclosed in FIG. 1. The organizations may provide different services to different IT organizations, for instance organization A, organization B, organization C and organization D. As represented in FIG. 1, the compliance auditor 102 is bound to provide customized services X, Y, and Z to organizations A, B, and C respectively, since each of these organizations is linked with a different set of IT systems. Further, the services may vary with the variation in a business vertical 104 and business process implementation 106.
Hence, current solutions face several challenges due to diverse compliance requirements, frequent updates and complex interpretations. Also, there is a lack of a systematic approach to checking the correctness and completeness of the compliance checking process.