Are IT audits like an MOT test for a car?

Here in the UK, after the second world war, lots of people were driving cars which were in pretty bad repair – brakes were poor, lights were damaged and steering was often ropey. This lead to accidents and injuries that could have been prevented. In 1960 the Ministry of Transport introduced a compulsory test, now commonly called the MOT, on all vehicles over 10 years old in an effort to ban the most dangerous cars from the road. Over time the age of annual tests reduced to its current of 3 years and the breadth and depth of the MOT has now expanded to incorporate new technologies such as catalytic convertors.

Is the growth in IT related regulations and compliance requirements following a similar trajectory to the evolution of the MOT test?

All in all we now see far fewer “old bangers” on the road than at any time in the past and I wonder whether we will benefit in seeing fewer data breaches and security lapses as computer systems are put through regular audits or their MOT equivalent.

Of course the mistake many people make when buying a car is to assume that a current MOT certificate is proof that a vehicle is roadworthy. Of course it isn’t – all it means is that at the time of testing the car was able to pass the MOT test.

In a similar way a computer system may pass an audit but very rapidly collapse into a state of non-compliance due to mismanagement. Constant attention to audit and compliance is the only sensible way to manage these needs.

Who knows, with the development of decent compliance and regulations we may see less dangerous IT systems and fewer data loss accidents, crashes and mishaps.

It’s food for thought.