Article by Carolyn Burke, CEO and John Wunderlich, Board member, entitled Data vs Privacy, published on the Globe and Mail website. Read it here.

From Integrity’s Blog:

Negroponte speaks on what products and services are coming next

Stop playing chicken with cybersecurity

Visit Integrity’s blog: http://linkingintegrity.
June 2004

Dear Subscriber,

What’s the new governance marketing tactic? Those software vendors who develop compliance tracking and management solutions are taking a page out of the security software vendor’s book: it’s all about the fear.

Fear-based marketing is a useful but unethical tool, and one that we at Integrity Incorporated do not support. Fear-based marketing relies on the manipulation of a company or individual’s lack of expertise and the possible consequences. Think security. Think Y2K.

That’s why, like security and Y2K, compliance is all about risk management. It’s about understanding what you’re really getting out of a software investment – especially in a field as new as compliance management.

Are you considering a purchase of this kind? Are you researching options? We’d like to hear from you – and we’re planning a one-day seminar in early September on the variety of compliance software options on the market. Contact me if you’d like to share your experiences with compliance management software, good and bad, marketing and sales tactics.

Best regards,

Carolyn Burke
CEO Integrity Incorporated

P.S. We encourage forwarding of these newsletters so feel free to share with an interested colleague!

How are organizations south of the border managing compliance? With a combination of best practices guidance and software. AMR Research’s John Hagerty examines ways to plan a sustainable, active compliance management infrastructure, and provides a glimpse at how forward-looking organizations are managing this mammoth task.

As business and IT recognize the overlapping requirements of individual compliance mandates, leaders are taking steps to build out a sustainable architecture that minimizes time and cost while maximizing future reuse. Compliance is now a strategic objective, not just a collection of tactical projects.

Read more (registration required)

We invite you to submit questions on security, privacy and governance compliance to

Dear Compass,

With the advent of Sarbanes-Oxley in the US, an industry seems to have been created around compliance management software. Is this something we should be looking at in Canada as well? Do you have any recommendations?

RV, Oakville

Compass responds:

Many Canadian and international companies must comply with the US SOX legislation. If you're doing business in the US or even for US-based companies, you will be required to prove that you're in compliance as well. Almost 1/3 of Canadian companies have or will have to take steps over the next 6 months.

Compliance software and the necessary technical and process support centers aren't fully mature yet, and so it's incumbent on your IT and business decision makers to research the options carefully before investing. You want to look for good international support in reporting features. And consider deployment flexibility. Does the system allow you management compliance only where needed, aka for systems used when dealing with US organizations.

Next you want to look for compatibility with your existing financial systems and enterprise software. Are you able to use one compliance solution to monitor and control other aspects such a privacy? Is there a SOX add-on already available? After all, deploying more than one compliance system is just that much more resource intensive. So look for modularity and expandability, and even the package's customizing tools.

Finally, although we've only touched on a few of the hot spots, you need to consider your long term lifecycle management. Ensure that you have skilled staff and the appropriate procedural and policy support within your organization to maintain and update your SOX compliance management system to fully meet your ongoing reporting requirements.

Here's a link to a great overview of issues and vendor solutions:;

Amadeus’ messaging focuses on improvement, betterment, and of inspiring organizations to better governance and transparency. This positive view of the impact of compliance focuses on the match between need and software, not by intimidating the reader into purchasing based on fear of the consequences.

Imagery implying rampant employee fraud and heavy-handed, intimidating language makes this type of compliance software marketing the lowest common denominator. Reminding visitors that “the penalties for missing the mark are severe” bases its sales pitch in fear, rather than in the strengths of the solution.

Integrity Incorporated
155 Dalhousie Street, Ste 701
Toronto, ON, M5B 2P7 Canada
T/ 416 369 0113     F/ 416 369 0148

Full Disclosure:

Copyright © 2004 Integrity Incorporated. All rights reserved. The Integrity Incorporated 'mark of integrity' is a registered trademark of Integrity Incorporated and is pending approval in the Canadian Trademark Office. Integrity Incorporated is a member of the family of values-focused River Street Bridge Inc. companies.