Tips For Being Compliance Ready
0 likes349 views
The document outlines strategies for organizations to maintain compliance with evolving regulatory rules, especially in the context of information and data security. It emphasizes the importance of gathering information, assessing current compliance efforts, facilitating efficient reporting, tracking remediation, and fostering a compliance-friendly environment. Recommendations include leveraging expert advice, implementing systems for risk management, and promoting a culture of compliance within the organization.
Tips For Being Compliance Ready
- 2. Intro Regulatory rules and requirements are constantly changing, making compliance a moving target. This is particularly true in terms of those that impact information security and, increasingly, data security in the cloud. At the same time, regulators are asking for greater transparency and more detailed documentation, stepping up enforcement of the various rules and requirements and raising penalties for noncompliance. In this document, we look at some of the elements of a “framework” that can be used to help your organization stay on top of the changing regulatory landscape and be “compliance ready.” pg. 1
- 3. Gather Information and Insights Use multiple information sources, including RSS feeds from regulators, industry publications, newsletters and alerts, to keep pace with new rules and regulations and regulatory updates impacting your industry. These same sources can also help you assess the implications of new and existing regulations on your organization and its compliance requirements. Seek out advice from compliance experts and consultants, if needed. They make their living knowing what’s going on in the regulatory arena. If you are considering moving data to the cloud, talk to cloud services providers (CSPs) with on-staff compliance experts. Work with CSPs that regularly undergo independent audits to meet a variety of regulatory demands, such as those associated with HIPAA/HITECH, PCI-DSS and Safe Harbor. They will have first-hand knowledge of what is required, at least from the “cloud” side. NO. 1 pg. 2
- 4. Benchmark Current Compliance Efforts Assess your current efforts at meeting and reporting compliance requirements. Do you have solid compliance objectives in place? Are they aligned with business goals? Do you have a compliance budget? Do you have a designated person or team responsible for compliance? If you have a team, is it cross- organizational? Meeting compliance requirements typically requires input from various departments through an organization, including finance, human resources, legal and IT. Are you currently undergoing internal audits or independent audits? Is your organization currently meeting specific compliance requirements? What reporting methods do you currently use? Are you using software to measure any compliance efforts? What kind of risk management and governance programs do you have in place? Determine where your organization stands so you can measure its success in improving. NO. 2 pg. 3
- 5. Facilitate Efficient Reporting Create templates and other tools to help streamline reporting, to keep track of compliance requirements and reporting deadlines and for use in responding to ad hoc information requests. You can’t anticipate every question or issue that will come up in an audit. You won’t always know when an information request will come in. However, you can have resources in place to help keep you organized and ready to respond. Expect the same from any CSP you work with as well. NO. 3 “However, you can have resources in place to help keep you organized and ready to respond.” pg. 4
- 6. Manage and Track Remediation Make sure you have a system in place to identify and manage risks. It should include well-defined processes for identifying weaknesses, deficiencies or gaps in compliance, as well as for assigning and tracking remediation of any issues. A number of applications are available for managing the remediation process, but you can also use something as simple as spreadsheets. Just make sure control and process owners have the necessary guidelines to complete and document any remediation tasks efficiently. NO. 4 “...you can also use something as simple as spreadsheets.” pg. 5
- 7. Create a Compliance- friendly Environment NO. 5 Set expectations of responsible behavior among employees at all levels. Explain and continue to reinforce what compliance is and how it is important to both individual and company performance. Encourage company leaders to integrate compliance and risk management messaging into their staff communications. Establish confidential channels for employees who want to report questionable behavior. Implement training and awareness testing. Social media channels can be effective tools for communicating with employees and encouraging dialogue. Include your CSP and any other partners in your “compliance culture,” but make sure your expectations are also part of your contractual arrangements with them. pg. 6
- 8. ARE YOU COMPLIANT? WE CAN HELP. 866.473.2510 | www.peak10.com