Architects play an important role in advising the business on meeting compliance needs through technology, as well as in making the right investments to ensure a “business compliant” architecture. Compliance knowledge denotes understanding and mitigating the regulatory impacts on the organization and on the design or solution being deployed, including audits, certifications, licensing, and general industry regulation types. The IT architect is expected to be “compliance aware” in both the business and technology dimensions and to be able to articulate the regulatory requirements that drive design elements, including regulation, governance, and legal and other binding corporate agreements.
For business process compliance, architects focus on technology enablement to better meet compliance requirements such as information capture, measurement and reporting needs for internal and external stakeholders, e.g., reporting to government regulatory agencies. Conversely, they also have to ensure that technology enablement does not compromise any compliance requirements, e.g., protection of personal and financial information. IT architects should work with business architects and business SMEs to identify compliance needs related to architecture layers such as user interface, information access, storage and reporting. Technology compliance means that the underlying technology adheres to norms for interoperability and quality requirements, e.g., manufacturing processes and interfaces between software and hardware products. Information and infrastructure compliance are the two primary facets of technology that are governed by regulations and laws. Information and infrastructure architects should play a key role in ensuring that compliance needs are identified and implemented as a critical use case of a technology solution.
As compliance is an ongoing activity and is perceived as a cost of doing business, architects should also try to add value by scanning for technology trends that will facilitate compliance, e.g., leveraging self-aware or closed-loop feedback systems, or implementing compliance monitoring and reporting solutions.
A key challenge for architects is to ensure that all facets of compliance are implemented and working as planned in the technology portfolio. Another challenge is a lack of awareness of the risks introduced by non-compliant technology solutions. Compliance may be compromised by poor planning or lack of awareness and, occasionally, by implicit behaviors that allow non-compliance (as a cost of doing business). Architects should be well aware of the threats and consequences of non-compliance and should advocate the use of governance frameworks such as COBIT, as well as audits, which allow explicit management of technology compliance in an organization.