It was like finding a needle in a haystack. On her first day as security and risk manager at the Pennsylvania Department of Public Welfare, Pamela Skelton was met with piles of disorganized compliance files and random pieces of paper that her predecessor had left behind.
When she was told that an IRS audit report was due in a few months, a mild panic set in. "I saw all this paper and said, 'Where is everything?' It was very disorganized. I could never find anything that I needed," she recalls. That was just the start of a risk compliance odyssey for Skelton and her team.
[ InfoWorld presents the Bossies 2013, the best open source software for security, data centers, clouds, and more. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
The Department of Public Welfare must safeguard the financial and medical data of its 2.7 million participants. Yet with more than 4,000 federal and state regulatory requirements and policies to comply with, trying to gather and review data and take corrective action in response to myriad audits became nearly impossible.