IT managers failing legal test

Many IT executives don't understand the legal obligations that new legislation puts them under, according to a recent survey

Roughly half of IT executives claim they aren't fully aware of the standards and legal requirements that apply to them.

In a survey of 300 IT decision-makers conducted by the National Computing Centre (NCC), 44 percent admitted to not being fully aware of IT standards and legal requirements — and 22 percent admitted to not having any awareness of the issue at all.

Sarbanes-Oxley Act and Financial Services Authority regulations, as well as legislation such as the Data Protection Act, can all have a bearing on the IT department. Other standards such as BS7799 and the e-government interoperability framework can also apply.

Stefan Foster, managing director of NCC, said: "This is an alarming figure, indicating significant lapses in compliance and poor adoption of best practice."

He said that while IT executives might be aware of legislation they might not realise its implications for them. "It's a question of the connection," he said.

"The legal side of the business might pick up on data protection but does the IT department implement it in the same way," he added.

This lack of awareness could have a real impact on business he warned: "Larger companies will also insist on compliance to standards so as to minimise risk in their supply chains, so non-complying IT functions beware… you could affect the fundamentals of your business."

Clive Davies, IT and outsourcing partner at law firm Olswang, said IT chiefs have a "pivotal" role to play in making sure companies comply with regulation.

IT directors should be involved with the creation and implementation of compliance policy, he said. "It's not primarily down to the IT manager but they have an important role to play."