Although regulatory compliance has become a dread phrase for many firms, IT chiefs feel they are bringing additional valuable insight to their organisations, according to a new report by Forrester Research.
Called Navigating the European Security Compliance Jungle, the report charts the various, sometimes conflicting, rules and regulations affecting IT across Europe and the US. User organisations interviewed included AXA Tech, Credit Suisse, the Met Office, Schneider and United Utilities.
“Regulatory compliance is usually framed as a negative [but] fully half of our respondents replied that the existence of the regulatory regimes they were most concerned about, and the process of complying with them, has had a positive effect on their company and/or business,” Forrester researchers wrote.
In an interview with IT Week, one of the authors, Bill Nagel, said, “I was surprised to see how many were positive. The compliance process has helped them crystallise thinking and get conflict out of the way.”
Forrester also suggests that the European Network and Information Security Agency (Enisa) “may become the European version of the US’s Cert” as a centralised record of threats. However, Nagel added, “They’re going to have to get a bit more specific [in their guidelines].”
The report recommends adopting ISO standards as a way to benchmark compliance but Nagel said the ability to stand back and join up responsible departments was equally valuable: “The main message is to stay cool and use common sense.”




