
35% Of Organizations Must Comply With Four Or More Mandates, According To New InformationWeek Reports Research

54% of companies comply with HIPAA or plan to do so in the next 12 to 24 months

Sep 24, 2012

SAN FRANCISCO, Sept. 24, 2012 /PRNewswire/ -- InformationWeek Reports, a service provider for peer-based IT research and analysis, announced the release of its latest research report. Compliance in the Cloud Era encompasses analysis of results from InformationWeek's 2012 Regulatory Compliance Survey and offers strategies for addressing regulations in an era where it is increasingly common to grant third parties access to sensitive and critical data. Over 400 business technology professionals responded to this survey.


Research Summary:

InformationWeek's survey of 422 respondents subject to regulatory compliance finds that organizations are not just defining security policies, but doing the challenging work of implementing controls to support them.  When asked the top three security controls they would choose to fund, 43% selected endpoint protection (a regulatory requirement under Payment Card Industry and HIPAA regulations as well as multiple other mandates), 38% said application firewalling (a PCI requirement), and 31% selected identity management (supports numerous access-control requirements across a broad swath of regulations).


  • 58% identify fear of legal repercussions or fines as the top driver for compliance initiatives.
  • 78% have sufficient personnel, money and other resources to address compliance needs or are very near the mark.
  • 94% include specific security language in either all (48%) or some (46%) vendor contracts.
  • 69% address compliance requirements in contracts with compliance-sensitive vendors; 62% include specifications for breach disclosure and incident response.

The report was co-authored by Diana Kelley, a 20-year veteran of the IT industry and a partner in and co-founder of research and consulting firm SecurityCurve, and Ed Moyle, a security strategist with Savvis' information security practice.

For full access to the research data, members can download now:

"Compliance is no longer just about implementing controls in response to regulations," says Lorna Garey, content director of InformationWeek Reports. "The way enterprises consume IT services has changed—primarily with the use of cloud providers and increases in outsourcing—making security and regulatory compliance among supply chain partners increasingly important."  
