Tips For Being Compliance Ready
Intro
Regulatory rules and requirements change constantly, making compliance a moving target. This is particularly true of the rules that affect information security and, increasingly, data security in the cloud. At the same time, regulators are asking for greater transparency and more detailed documentation, stepping up enforcement of the various rules and requirements, and raising penalties for noncompliance.

In this document, we look at some of the elements of a "framework" that can help your organization stay on top of the changing regulatory landscape and be "compliance ready."
Tip No. 1: Gather Information and Insights
Use multiple information sources,
including RSS feeds from regulators,
industry publications, newsletters and
alerts, to keep pace with new rules and
regulations and regulatory updates
impacting your industry. These same
sources can also help you assess
the implications of new and existing
regulations on your organization and
its compliance requirements.
Seek out advice from compliance
experts and consultants, if needed.
They make their living knowing what’s
going on in the regulatory arena.
If you are considering moving data
to the cloud, talk to cloud services
providers (CSPs) with on-staff
compliance experts. Work with CSPs
that regularly undergo independent
audits to meet a variety of regulatory
demands, such as those associated
with HIPAA/HITECH, PCI DSS and
Safe Harbor. They will have first-hand
knowledge of what is required, at least
on the cloud provider's side; the controls
within your own environment remain
your responsibility.
Tip No. 2: Benchmark Current Compliance Efforts
Assess your current efforts at
meeting and reporting compliance
requirements. Do you have solid
compliance objectives in place? Are
they aligned with business goals?
Do you have a compliance budget?
Do you have a designated person or
team responsible for compliance?
If you have a team, is it cross-
organizational? Meeting compliance
requirements typically requires input
from various departments throughout
an organization, including finance,
human resources, legal and IT.

Are you currently undergoing internal
audits or independent audits? Is
your organization currently meeting
specific compliance requirements?
What reporting methods do you
currently use? Are you using software
to measure any compliance efforts?
What kind of risk management and
governance programs do you have
in place? Determine where your
organization stands today so you can
measure its improvement over time.
Tip No. 3: Facilitate Efficient Reporting
Create templates and other tools to
help streamline reporting, to keep
track of compliance requirements
and reporting deadlines and for use
in responding to ad hoc information
requests. You can’t anticipate every
question or issue that will come up in
an audit. You won’t always know
when an information request will
come in. However, you can have
resources in place to help keep you
organized and ready to respond.
Expect the same from any CSP you
work with as well.
Tip No. 4: Manage and Track Remediation
Make sure you have a system in place
to identify and manage risks. It should
include well-defined processes for
identifying weaknesses, deficiencies
or gaps in compliance, as well as for
assigning and tracking remediation
of any issues.
A number of applications are available
for managing the remediation process,
but something as simple as a spreadsheet
will also work. Just make sure control
and process owners have the necessary
guidelines to complete and document
any remediation tasks efficiently.
Tip No. 5: Create a Compliance-friendly Environment
Set expectations of responsible behavior
among employees at all levels. Explain and
continue to reinforce what compliance is
and how it is important to both individual
and company performance. Encourage
company leaders to integrate compliance
and risk management messaging into
their staff communications. Establish
confidential channels for employees who
want to report questionable behavior.
Implement training and awareness
testing. Social media channels can be
effective tools for communicating with
employees and encouraging dialogue.
Include your CSP and any other partners
in your “compliance culture,” but make
sure your expectations are also part
of your contractual arrangements
with them.
Are you compliant? We can help.
866.473.2510 | www.peak10.com