Driven by the public response to corporate scandals and the enactment of legislation such as the Sarbanes-Oxley Act, corporate governance has become a primary driver of risk management and compliance activity. Accepted governance frameworks, such as COSO, the OECD Principles of Corporate Governance and the Basel Committee’s International Convergence of Capital Measurement and Capital Standards, have all incorporated risk management requirements that include the need to develop controls to manage not only financial risk but operational and technical risk as well.
To address operational and technical risk management, organizations are increasingly turning to standards such as the BS7799/ISO17799 standard for information security management systems, and ISACA’s Control Objectives for Information and Related Technologies (COBIT) framework to implement security and information technology governance processes. The need for private sector organizations to treat information security as a governance issue and implement an appropriate governance framework has also recently been emphasized by the National Cyber Security Partnership Corporate Governance Task Force as essential to critical infrastructure security efforts. In implementing any of these frameworks, however, organizations are faced with challenges resulting from the need to rapidly manage the alignment of data assets with business objectives, an increased volume and complexity of data and data systems, and an expanding body of regulatory and other compliance requirements that affect data use.
Align’s ability to effectively deliver consistent, consolidated information policy management and reporting across multiple business environments provides an ideal solution for managing these challenges, and for integrating data-policy management into an organization’s governance frameworks. Align functionality and reporting features are consistent with accepted frameworks and standards for managing accountabilities, risks and compliance associated with business critical data and information assets, and can easily be incorporated into an organization’s internal controls for operational and technical risk management.