– Kurt Stoever, Vice President of Service and Support at Quality Tech (www.qualitytech.com), says:
Keeping abreast of Data Center/IT Regulations can be a difficult task for a nationwide technology services company such as Quality Technology Services much less a multi-national or global firm. To allow QualityTech to focus its efforts, QualityTech staffed and trained a corporate resource responsible for compliance achievement, audit, and control.
Lesson 1: Create a corporate entity that has broad responsibility for Data Center/IT Regulations. A central organization is essential for allowing focus on and maintaining an unbiased opinion on various regulations. QualityTech’s Audit and Control Group designs the companies’ compliance roadmap, maintains regulatory awareness, performs research into emerging standards, assists clients with internal audits and designs supporting policies. QualityTech’s Audit and Control Group also performs research into emerging standards, performs gap analysis between today and a state of compliance and provides internal and external standards training.
Lesson 2: Let business results dictate certification efforts. For data center operators or IT departments regulations apply to the context of their business or “behavior”. It is financially unreasonable for any technology service provider to endeavor to adopt all frameworks, certifications and regulatory compliance requirements that may be useful. QualityTech has embraced ITIL as its service delivery framework. This decision allowed QualityTech to communicate internally and externally using a broadly accepted dictionary. As standards and certifications emerge, QualityTech evaluates its current and future client portfolio to determine the need and return on the certification investment. Typically, new compliance initiatives draw guidance from industry consortiums. How does QualityTech ensure its stays engaged and informed?
Lesson 3: Steer the conversation. As one would expect, new regulations frequently address an industry’s most pressing needs for oversight or standardization. Organizations in the growing space of outsourcing, like QualityTech, can find themselves forced to adopted standards that don’t apply to the organization but apply to a service. By identifying industry specific groups and joining same, outsourcers have an opportunity to be part of the message and on occasion steer. Advisory boards like The Green Grid, AFCOM, ASHREA, BOMA, AFCOM, ASIS, and others encourage involvement from a variety of stakeholders including outsourcers.