Beginning the compliance process

There are some first steps which will help you deal with any compliance initiative, things to do before starting the actual work of aligning your practices and policies with the requirements you must meet. They seem simple, but are often overlooked.

First, read the regulation. All of it. Print it out if you need to, or copy it into a form which is easy to mark up, and make notes and questions. Then read it again and polish your notes. After you have seen the requirements yourself and have your own highlighted and annotated copy, it is safe to widen your scope. If the regulatory body has provided supporting documents, read, highlight and make notes on them. Note where the supporting materials clarify or contradict the regulations.

Only when you have reviewed the “official” documents yourself is it safe to start listening to the “experts”. When you start dealing with consultants and contractors, remember that they may come and go but the actual responsibility stays with your organization. If you spend money on your compliance project, make sure you spend it wisely. If you disagree with a consultant or don't understand what they are doing (or why they're doing it), ask them. If a vendor makes a questionable claim, make them explain themselves. (The phrase “automate compliance” is one which always deserves a challenge.)

There is another step to take before you really dig into meeting the regulations: look at projects in the planning or early deployment stages which may be impacted by the regulations and determine if they need to be modified before going live. It is always easier to get things right the first time, and projects on the drawing board are a lot easier to tune than those already in production. You may be able to get a victory or two under your belt with little pain and expense. These are basic and generic suggestions, but they can be valuable as you begin almost any compliance project.


