In conducting market research and talking to IT staff in the field, I am always surprised to see compliance and security officers operating independently of one another. Sure, not all compliance is security compliance, but the two intersect in enough ways to warrant tight collaboration. Not only do data security regulations, such as Payment Card Industry (PCI) Security Standards, require additional network visibility and control, but regulations that may on the surface seem unrelated to IT, such as those involving personnel actions, often require documentation from IT relating to an employee's online activity. Each of these places a burden on IT staff, primarily those closely involved with network security.
Preparing for compliance, identifying the solutions available to achieve it, and executing the myriad tasks it requires are all made easier and more efficient when the security and compliance officers communicate regularly and rely on a common toolkit. Do your organization's security and compliance departments get along? How do you handle the scenarios where security and compliance overlap? What tools do you use to manage these two areas?