Abstract
Companies have now weathered several years of scrutiny under regulatory requirements with the inception of HIPAA, Sarbanes Oxley, and other industry regulations. To meet these compliance challenges, many companies have looked to different frameworks to help build controls structures within the organization. For IT organizations, this has required a shift in mindset to adopt a “controls oriented” approach while keeping up with the technology needs of the business. A key to the adoption of any framework has been ensuring the approach is applicable to your business.