Compliance impacts a broad spectrum of people across your organization, and even your vendors. Compliance affects IT, but it also impacts your hardware and software development teams. It has implications for the Sales team—especially how they treat information during the sales process, or handle payment information. HR touches compliance-related data every time they do hiring, termination or background checks. Legal needs to make sure contracts with clients and vendors contain the right pieces of information. There are even compliance implications at the Executive level, because more and more standards are pressing for executive oversight.
No single compliance administrator can handle all that—you’d be putting them smack-dab in the eye of a compliance hurricane. Instead, you need a compliance team.
What Is a Compliance Team?
A compliance team is a set of key individuals throughout your company, or trusted vendors, who collaborate to make compliance run smoothly. The specific purpose of your compliance team will depend on your company’s compliance maturity. Generally, there are two primary modes your team could operate in.
Phase One: Getting compliant. When you’re first achieving compliance, the number one job for your compliance team is to coordinate efforts, work together, and collaborate to get in place everything you need to meet security/compliance standards.
Phase Two: Maintaining compliance. Once you’ve got everything in place, you’re in operational mode for your compliance. In this phase, the compliance team ensures that you’re maintaining operational compliance, in accordance with guidelines of the certification. Basically, you’ll need to manage the list of tasks that need to be done on a regular, recurring basis—daily, weekly, monthly, quarterly, semi-annually and annually.
In either phase, your team is a collaborative unit. You can’t just clap the compliance administrator on the back and wish them good luck. For example, onboarding new personnel is a collaborative effort between HR and IT. Together, they hire personnel, provide them with credentials and system access, and train them on your IT and cybersecurity policies.
At any point, a customer or vendor could request evidence that you’re staying in compliance. Your compliance team should be able to handle those requests.
Running a Compliance Team
How often should your team meet?
During phase one, you’ll probably need to meet pretty frequently at certain times. Do what feels right—if you’ve got a lot to discuss, meet more often.
As you get into operational mode, you’ll probably need to meet every couple of weeks for the first quarter. Check in and make sure people throughout your company are on pace and meeting their responsibilities. It’s a good idea to coordinate with your consultant or assessment firm to be sure the data you’re collecting is the right stuff. If you stay on top of things from the beginning, you’ll start to get a good feel for your processes and data, and you can start to meet less often.
Pro tip! In the second quarter, be sure to take a look at what’s coming up in the next three months. Some semi-annual tasks will be coming due, and you don’t want to get caught off-guard.
What’s the agenda?
Besides a meeting frequency, you’ll need an agenda. Each meeting, review the deliverables for your recurring tasks. Confirm you’ve got the right information in hand and that it’ll pass muster. TCT Portal makes this really easy by laying out what needs to be done, when, and how often. The portal facilitates the compliance assignments and workflow internally, and with any of your consultants and auditors.
Who should be on your compliance team?
Anyone who has compliance responsibilities could be on your team, but at the very least, be sure to consider the following people:
- Compliance officer
- IT director
- C-level executive
- Software development representative
- Database representative
- Security person
- Vendors with security / compliance responsibilities
- Assessment firm and external consultant, if leveraged
- Legal, as needed
- HR, as needed
The people on your team need expertise, patience and tenacity. They need to be good with coordination and collaboration. And make sure the people on your team have the backing of your C-level executives, so that if you’re not getting the evidence you need when you need it, you can get support from executives.
Make Compliance Easier
You don’t need to dive into the eye of the compliance hurricane on your own. With a collaborative team that’s backed by your executive leadership, you’ll have a much easier time keeping all the compliance balls in the air.
Need help tracking your compliance efforts? TCT Portal can make it easy for your team to review each task and understand exactly what you need. Schedule a personalized demo to see the difference TCT Portal can make for your company.