Comment by thewebguyd

3 hours ago

> IT. They tend to over-interpret regulation, and super-restrict beyond what is needed for actual de-facto compliance.

IME this is less the fault of IT and more so bad auditors that won't consider, or just don't understand, what compensating controls are. If it doesn't meet their little checklist exactly, they fail the audit.

> IT. They tend to over-interpret regulation, and super-restrict beyond what is needed for actual de-facto compliance.

This is such a nonsensical claim. If a company is asking someone from IT to read the regulations and implement them, then obviously you’re going to get something that conforms to the written specification they were provided.

But a company that does that is basically delegating both compliance and legal functions to IT. No sane company does that.

It's 'cause IT never has to live with the consequences of their decisions. Who cares if the other department keeps bleeding talent because you twisted the knobs so hard no one wants to work in your system?

  • Sounds like communication between departments sucks. If IT develops for them, you’d expect there to be a feedback loop?

    • Yes. Exactly. This is not a reflection of where I am now in any way, shape, or form. Just my observation of previous places I've worked.