On the other hand, you have a significant government regulatory compliance presence. In some industries like healthcare, you have very clear guidelines from regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). The trick becomes identifying what regulatory guidelines apply where, and in the case of multiple regulations, determining which take precedence.
In general business environments, you may find yourself needing to apply guidelines from Sarbanes-Oxley or, if dealing directly with the government, from the Federal Information Security Management Act (FISMA). Dealing with financial institutions may require adhering to SEC Rule 17a-4, while even private industry gets into the regulatory business with standards such as Payment Card Industry (PCI) compliance, which is required for securing cardholder data, and which, in light of the many security breaches over the last few years, may soon see much greater government oversight.
IT often finds itself the gatekeeper of these sorts of regulatory standards. In such cases, IT professionals need to consider almost every change to the computing environment, as well as the impact of those changes on compliance with regulatory guidelines.