This is another installment in a series of blogs that gives IT leaders a better understanding into the realm of possibilities enabled by an effective IT Service Management (ITSM) strategy. Each of these blogs offers ITSM best practices that can help you innovate and improve your IT processes and strategies so that they align to the needs of the business. 

One of the hot topics at the April Service-Now Knowledge 15 event in Las Vegas was Governance, Risk and Compliance—also known as GRC. Many CIOs are tasked with ensuring their security and compliance programs are up to industry standards to meet the requirements for compliance.

Developing a GRC program helps meet the requirements for IT Compliance by centralizing everything and leveraging automation to do most of the testing that’s needed to prove controls are in place and meet requirements. Challenges around securing the hybrid cloud and providing optimal disaster recovery are becoming high priorities for IT leaders, which also points to a strategic GRC approach as being paramount for survival.

Influencers in the ITSM space are also struggling to define the value case for investing the time and the effort into IT Compliance. Identifying the teams that need to be involved and understanding the new roles and responsibilities associated with meeting compliance standards can also be a big challenge.

But the disruption in the IT space for meeting compliance standards is a necessary one—most do not dispute its validity. Where we see a delay in getting started with GRC to meet the requirements of IT Compliance is in finding the quick wins that provide enough value to keep the effort a high priority alongside the other IT and business projects competing for attention.

In working with IT organizations that have gone forward in their IT Compliance efforts, it became clear that there were indeed short-term wins and other unanticipated benefits that made the effort worthwhile. The most interesting part about these benefits is that most are not anticipated at the beginning, yet they reveal themselves as you dig deeper and begin to put new controls in place.

Short-Term IT Compliance Wins

  • Helps you identify and replace older hardware that is no longer supportable or is out of date with standards: Your server team will be excited that they can actually justify a rip-and-replace project to help achieve compliance.
  • Accelerates the process to retire legacy applications that do not generate revenue or provide value to the business: This eventually happens when any company becomes lean with budgets and staffing. With compliance, it happens faster.
  • Generates proactive alerts for non-compliant areas that need attention: Give your security or compliance director real-time alerts on non-compliant changes and you’ll make their job exciting.

Long-Term IT Compliance Wins

  • Automates control testing and audit remediation: This greatly reduces manual efforts to test and collect data and remediate issues.
  • Improves communication with the business on compliance and IT efficiencies: This also helps build your outstanding reputation with the business.
  • Produces dashboards and reports for IT and business leaders to review: Make your CIO’s job easier by producing a scorecard that makes it easy to track progress and share the results with internal auditors.

If your organization is looking for value-driven improvements as a result of making IT Compliance a high priority, consider it to be an exercise to clean out your attic and consolidate so IT can focus on what is most essential. You will find opportunities to reduce your IT footprint and eliminate painful manual efforts to stay ahead of your audits. You can even provide more visibility and alerting when you detect things that are out of compliance and need attention.

For more information on ITSM strategies and best practices, contact Chris Gordon at

To view of all of Chris Gordon’s ITSM blogs published to date, visit