It’s tough when you work in an environment that isn’t understood by many of your stakeholders. Mainframes really make a lot of sense, but to many people, they’re “black box technology.”
In this case, it can be difficult to argue in favor of adherence to your own requirements without the discussion devolving into “because I said so.” Many mainframe professionals avoid this by using metaphors to explain how the mainframe works, and then articulating clear and concise principles for working in the mainframe environment.
So, as they say, “What’s good for the goose is also good for the gander.” For those of you who are being asked to work in governance and compliance environments that may seem like black boxes to you, here are some guiding principles to help illuminate what’s being asked of you. Thanks to the Data Governance Institute for providing many of these and to the Data Governance & Stewardship Community of Practice for suggesting others.
Compliance Guiding Principles:
• Compliance isn’t optional.
• Compliance may be with laws and regulations, with contractual requirements, or with industry/internal standards.
• Anything important enough to have a rule also should have a mechanism for measuring adherence to that rule.
• It’s impossible to attest to compliance with a process that isn’t documented.
• Even though you may be in compliance with a process, if records don’t exist to prove it, then it may not count.
• If a control to avoid an undesirable event is missing or inadequate, this may count against you, even if that event never takes place.