Many trades require bonding. A bond is an insurance policy that guarantees the practitioner will meet their obligations in a satisfactory manner or the bonding company will pay related fines or fees.
In responding to these inevitable laws employers will have no choice but to require bonding for workers with access to PII or other sensitive data. Bonding companies will in turn require proof of qualifications of bonded individuals in the form of nationally recognized and accredited certifications and licenses.
Bonding companies will require proof of knowledge and skills competency before they will write a bond that companies can afford. This will drive certification programs and dramatically improve the quality and consistency of those programs.
Electricians have to take 144 hours of continuing education per year to remain licensed. Medical professionals all must take continuing education to remain licensed. IT is going to have to get used to idea of investing in education as well.
We already see this occurring. For example, with the recent announcement by the owners of the IT Infrastructure Library (ITIL) of a major overhaul of its certification schemes in order to promote improved control over instructors, courseware and the companies providing such training.
The Project Management Institute, the defacto-standard for project management training and certification, requires continuing education to remain certified.
Prediction: Individual workers will face audits and reviews of their work to ensure compliance with laws.
Audits will expand to include not just basic controls such as those required by Sarbanes-Oxley, but also down to random audits and inspections of individual workers compliance with new laws.
Consider the electrical trade. When an electrician completes their work it usually requires review and approval by a state certified inspector. As the process unfolds for IT and governments require licensure of bonded workers, they will establish auditors and independent inspectors to check the quality of work and conformance to code.
Prediction: IT will formalize and mandate apprenticeship and internship programs for workers.
Many trades require individual tutelage under an authorized master craftsperson as a prerequisite to being allowed to perform their duties even when supervised. Dont think this does not apply to so-called white-collar activities, some states allow learning the law via apprenticeship as well.
Apprenticeship gives trainees a thorough knowledge of all aspects of the trade by formalizing the work they perform and monitoring how well they perform the work. Apprentices are learning by practical experience under skilled workers.
Thus, an apprentice is an inexperienced practitioner. Another word for apprenticeship is internship. Most apprentice or intern programs operate under the auspices of trade associations or professional organizations or unions. Upon completion of the apprenticeship period the apprentice becomes a journeyman (or woman.)
Employers consider these practitioners highly skilled. Most people learn the electrical trade by completing a four-or-five year apprenticeship program.
Getting a job in IT is going to take longer and given the slowdown in IT graduates, this is going to drive up the costs for skilled IT craftspeople.
None of my predictions about future IT control activities can occur without standards. Such standards often arise from mistakes made in the past. For example, the evolution of electrical wiring due to harm caused in previous wiring best-practices and standards. Through evolution and revision of such standards codes of conduct arise.
An example of an existing standard is the National Electrical Code (NEC). The NEC codifies the requirements for safe electrical installations into a single, standardized source. While the NEC is not U.S. law, NEC compliance is mandated by U.S. law.
We can already see this pattern of standardization occurring in IT. Mistakes are occurring in IT that cause harm to society and individuals on a regular basis. Legislation and auditing exist in growing numbers and the resultant arrests and fines are thereby increasing as well.
Burgeoning defacto-standards such as the IT Infrastructure Library (ITIL), Control Objectives for IT (COBIT), the Project Management Book of Knowledge (PMBOK) now shape many day-to-day activities within IT.
None can still deny that IT is on the slippery slope of commoditization and indeed, trades such as the plumbing and electrical industries provide an excellent model of where the IT organization will move.
These and other commodity trades show us the real future of IT organizations. Perhaps the most visible signs of the coming changes appear in the healthcare industry. This makes sense given that industrys dependence upon IT, craft-centric licensure, regulation and obvious personal safety issues.
While healthcare IT may be taking the brunt of the suffering now, new IT laws and increasing regulations brilliantly illuminate how virtually all IT organizations will operate in the future. This future may be a few years ahead of us, but if history and current events are any indication, these predictions will in large part occur.