Compliance
Organizations have to comply with regulatory requirements and control standards such as NERC, HIPAA, PCI, BASEL II, FISMA, GLBA, SOX, COBIT, FFIEC, ISO27001, and NIST-SP800 as part of their business processes. The IT department has to ensure that IT processes, technology, and people are aware of and able to meet these compliance requirements.