The frequency and intensity of leading indicators for widespread regulation of the IT industry are increasing, but many vendors and most enterprise IT organizations are unprepared to meet the requirements that regulated IT will likely impose on their processes and procedures, according to Gartner, Inc.
"Three years ago Gartner published research predicting that either catastrophe from IT failure, or a continuing history of lower-level failures would provoke either a governmental regulation or industry self-regulation of IT products and services in the U.S. by 2015 and in the European Union by 2015 to 2018," said Richard Hunter, vice president and distinguished analyst at Gartner. "Although the exact date of arrival for regulation is difficult to predict, we believe that, in recent months, the tempo and intensity of the indications of such an event have increased."
Several recent articles describing the growth and scale of criminal hacking networks aimed at governmental and industry targets, as well as recent statements by representatives of the U.S. and U.K. governments, indicate that the state of IT security is now viewed as unacceptably dangerous. In addition, healthcare industry representatives have asked the Obama administration to hold software vendors liable for failures resulting from implementation of administrative software mandated by the U.S. federal government by 2014. Elsewhere, corporate customers are filing litigation against their IT providers with greater frequency.
The rise of social networks such as Facebook, MySpace and Twitter has generated increased concern over the extent to which personal data and the safety of minors are threatened by criminals using these networks to gain access to potential victims.
While neither supporting nor opposing regulation of IT, Gartner considers such regulation increasingly likely and thinks it is probable that the EU will take formal steps to establish a regime for regulation of consumer-oriented IT products and services as early as 2011. Given the increasing likelihood of this scenario, Gartner advises IT vendors, service providers and user organizations to consider the implications of the regulation of IT on their businesses.
Software vendors need to be aware that increased liability will drive generic software out of the market, and they should prepare for transparency and product/price differentiation based on quality and certified fitness for purpose. IT service providers should do the same and mitigate risks by incorporating strong documentation, audit right provisions and legal compliance terminology into outsourcing deals.
Enterprise technology users are likely to benefit from regulation in terms of clearly understanding the functions and features they buy but should be aware that they cannot outsource regulatory compliance. They should consider whether the liabilities applied to vendors will apply to them as well, and consider whether the enterprise is prepared to manage its processes to regulatory requirements.
More information on the IT industry can be found at www.supportindustry.com