|
Shadow IT is a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval. It is also used, along with the term "Stealth IT", to describe solutions specified and deployed by departments other than the IT department.〔(【引用サイトリンク】Shadow IT - Should CIOs take umbrage? )〕 Shadow IT is considered by many an important source for innovation and such systems may turn out to be prototypes for future approved IT solutions. On the other hand, shadow IT solutions are not often in line with the organization's requirements for control, documentation, security, reliability, etc., although these issues can apply equally to authorized IT solutions. ==Compliance issues== It is a term used in IT for any application or transmission of data, relied upon for business processes, which is not under the jurisdiction of a centralized IT or IS department. The IT department did not develop it, or was not aware of it, and does not support it. This increases the likelihood of ‘unofficial’ and uncontrolled data flows, making it more difficult to comply with the Sarbanes-Oxley Act (USA) and many other compliance-centric initiatives, such as: * Basel II (International Standards for Banking), * COBIT (Control Objectives for Information and related Technology), * FISMA (Federal Information Security Management Act of 2002), * GAAP (Generally Accepted Accounting Principles), * HIPAA (Health Insurance Portability and Accountability Act), * IFRS (International Financial Reporting Standards), * ITIL (Information Technology Infrastructure Library), * PCI DSS (Payment Card Industry Data Security Standard), * TQM (Total Quality Management), etc. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Shadow IT」の詳細全文を読む スポンサード リンク
|