The PADS Framework for Compliance and Security - Part 2
March 15, 2016

Gabriel Lowy

Share this

Start with The PADS Framework for Compliance and Security - Part 1

Below we highlight new regulations in the global securities industry that underscore the risks companies face when they don’t have a good handle on user experience or application performance across the application delivery chain.

Capital Markets: Pressure to Avoid Market Disruption

Global securities markets have become increasingly reliant on technology and automated systems that operate at light speed. But in recent years, these systems have suffered both minor glitches and major outages. They have also been susceptible to cyberattacks, further underscoring their vulnerability.

To ensure the integrity and resilience of IT systems and reduce the severity and frequency of these disruptions, the Securities and Exchange Commission (SEC) adopted Regulation Systems Compliance and Integrity (Regulation SCI) in November 2015. The regulation applies to so-called SCI entities, including national securities exchanges, certain high-volume alternative trading systems, clearing agencies, plan processors and self-regulatory agencies such as the Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB).

Covered entities must design, develop, test, maintain and monitor their operational systems according to Regulation SCI's standards and best practices. These policies apply to nine IT and security domains:

Source: SEC, Tech-Tonics Advisors

Regulation SCI requires new reporting and disclosure of disruptions, intrusions and other adverse events – with special emphasis on customer personal information. There are also new requirements to notify affected customers and plan participants if the events are "major" or involve "critical SCI systems."

Covered entities must perform ongoing audits and risk assessments. This includes evaluating IT governance services performed by specific entities. Material changes to any “SCI system” – whether existing or planned – must be reported on a quarterly basis. If any covered entity does not implement compliant controls or neglects to report failures to the SEC they could be subject to legal action.

Beyond testing requirements built into business continuity and disaster recovery standards, Regulation SCI also mandates industry-wide coordinated testing to ensure systems-wide functionality and safety. While testing has already begun, the industry has until November 2016 to get processes in place.

Market disruptions have resulted in extreme volatility, fractured investor confidence, catastrophic losses and unprecedented fines for compliance violations. Intelligence across the entire application delivery chain is essential for all covered entities to comply with Regulation SCI.


In the software-defined economy application performance and user experience are critical differentiators to drive business and risk management objectives. The risks of poor application performance and user experience include business interruption, eroding employee engagement and customer satisfaction, regulatory noncompliance and reputational damage.

The underbelly of modern distributed computing environments is growing regulatory oversight pertaining to systems efficacy and security. While regulations are nuanced to specific industries, the connectivity and interdependencies of systems are similar across all sectors. Regulators are increasingly focused on these relationships – and the underlying systems and applications – that comprise application delivery chains.

More companies are incorporating cloud, mobile and social into computing architectures, business plans and processes. With the growth of containers and microservices, coupled with the emerging Internet of Things (IoT), it is imperative for IT teams and senior management to embrace the strategic importance of user experience and application performance to achieve ROI and risk management objectives.

Gabriel Lowy is a Leading Technology Analyst and the Founder of Tech-Tonics Advisors, a strategic marketing and messaging consulting firm for technology companies.

Share this

The Latest

June 26, 2017

Many organizations are struggling to resolve customer-impacting incidents quickly enough to preserve brand loyalty and revenue, according to PagerDuty's recent State of Digital Operations Report ...

June 23, 2017

"Become the Automator, Not the Automated." While it's a simple enough phrase, it speaks directly to how today's organizations and IT teams must innovate to remain competitive. A critical aspect of innovation is acknowledging the digital transformation of businesses. The move to digitalization enables organizations to more effectively unlock the power of information technology (IT) to fuel and accelerate business innovation. It is a competitive weapon and a survival imperative ...

June 22, 2017

Executives in the US and Europe now place broad trust in Artificial Intelligence (AI) and machine learning systems, designed to protect organizations from more dynamic pernicious cyber threats, according to Radware's 2017 Executive Application & Network Security Survey ....

June 21, 2017

While IT service management (ITSM) has too often been viewed by the industry as an area of reactive management with fading process efficiencies and legacy concerns, a new study by Enterprise Management Associates (EMA) reveals that, in many organizations, ITSM is becoming a hub of innovation ...

June 20, 2017

Cloud is quickly becoming the new normal. The challenge for organizations is that increased cloud usage means increased complexity, often leading to a kind of infrastructure "blind spot." So how do companies break the blind spot and get back on track? ...

June 19, 2017

Hybrid IT is becoming a standard enterprise model, but there’s no single playbook to get there, according to a new report by Dimension Data entitled The Success Factors for Managing Hybrid IT ...

June 16, 2017

Any mobile app developer will tell you that one of the greatest challenges in monetizing their apps through video ads isn't finding the right demand or knowing when to run the videos; it's figuring out how to present video ads without slowing down their apps ...

June 15, 2017

40 percent of UK retail websites experience downtime during seasonal peaks, according to a recent study by Cogeco Peer 1 ...

June 14, 2017

Predictive analytics is a popular ITOA technology that you can leverage to improve your business by leaps and bounds. Predictive analytics analyzes relationships among various data points to predict behavioral trends, growth opportunities and risks, which can add critical value to your business. Here are a few questions to help you decide if predictive analytics is right for your business ...

June 13, 2017

Many organizations are at a tipping point, as new technology demands are set to outstrip the skills supply, according to a new Global Digital Transformation Skills Study by Brocade ...