Compliance Audit & Management Blog

The Only Constant in Regulatory Compliance is Change

Posted by Paul Molenaar | 15-Sep-2016 07:00:00

Regulatory compliance is an ever-growing and evolving landscape that must be navigated. It's not optional. We don't have the choice to stay in our own space and ignore what's going on throughout that landscape; we have to keep moving through it.

Businesses Need to Develop Situational Awareness

Unfortunately, that landscape is littered with potential landmines that can cause major damage if we don't move intentionally and carefully. Worse yet, those regulatory landmines keep moving around on us. The maps we could once use, the ones that told us exactly where each footfall should land, become less and less useful every month and year. It's like following a 20-year-old map of a city that was razed and rebuilt in an entirely different layout last year. We're bound to run into a wall, or at least head down the wrong street, unless we keep our heads up and stay aware.

Instead of an old map, we need to create a new one, one that can easily be redrawn or re-routed with every change we discover, and a metal detector that tells us when a new mine has been laid. In military and self-defence training, people are taught situational awareness: always being aware of everything that's going on around them so that potential threats are noticed quickly and action can be taken before it's too late. In business this is being proactive rather than reactive.

Auditing as a First Alert System

Now add to this problematic situation the fact that we increasingly do everything in the cloud. This affords us awesome new capabilities but opens us up to even more threats from cyber criminals. The situation has become serious enough that, starting in January 2017, Google's Chrome browser will begin marking HTTP pages that collect passwords or credit card details as "Not secure", with the stated intention of eventually applying that warning to every page that isn't served over HTTPS.

Steve Durbin, Managing Director of the Information Security Forum (ISF), gives us four actions that organisations can take to better prepare for shifting regulations and potential cyber threats.

  1. Engage in cross-business, multi-stakeholder discussions to identify cloud arrangements

With our cloud systems we are almost always sharing information and data with other organisations, whether they are business partners, clients, or regulatory agencies. Every party should be clear about which security and compliance controls apply to that shared data, and who is responsible for each.

  2. Understand clearly which legal jurisdictions govern your organisation's information

Requirements can change when data crosses state borders within your own country, let alone international borders. Each region's requirements must be identified, understood, and reflected in your auditing system.

  3. Adapt existing policies and procedures to engage with the business

With regulations constantly changing, your policies and procedures have to change with them, at least to some degree. This is very difficult without real-time information that ties compliance and auditing to day-to-day operations.

  4. Align the security function with the organisation's approach to risk management for cloud services

Risk management approaches built for on-premises systems do not transfer unchanged to the cloud. If you believe that your organisation is too small or insignificant to be attacked or breached, you don't understand the scope of the problem. Security and risk management need to become a major focus within every organisation, and the most effective tool for recognising potential problems and non-compliant areas is regular, effective auditing.

Compliance Experts provide clients with access to the Compliance Checkpoint software, which is complemented by our professional auditing and consulting services. This is our unique point of difference. To learn more, visit our website or download the 30 Day Free Trial of Compliance Checkpoint.

Topics: risk, auditing
