Slay the Compliance Dragon: Know Your Compliance Landscape

This is the first article in a series on taking control of compliance in 2019—for good!

It’s 2019, the start of a brand-new year, all shiny with possibilities. You’ll accomplish great things for your company this year. But there’s a dragon lurking in the corner. A hurricane is brewing, and you’ll be stuck in the eye of the storm. Your annual compliance cycle is coming your way, and it’s going to be an awful mess, again.

Your stomach tightens just thinking about it, because you know what kind of a disorganized rat’s nest you walked away from last year. While you were neck-deep in compliance wrangling, business-as-usual was piling up all around you. So the moment your compliance engagement was finished, your team dropped everything to put out the fires that were waiting for you.

Slay the Compliance Dragon

Last year, you left a bunch of loose ends and a rat’s nest of disorganization behind. If you don’t feel the compliance dragon breathing down your neck yet, you will soon.

But you can slay that dragon. I’ve been where you are, and I know the frustrations, the chaos, the feeling of barely maintaining control. There is a way out. The annual compliance cycle doesn’t have to be a cluster storm of insane stress and chaos. More and more CISOs are discovering that their compliance activities can be smooth, efficient and trouble-free. Imagine running a compliance process that’s simply no big deal!

The key to taking control of compliance is taking stock of your current situation and strategically gaining control over the moving pieces, one component at a time—then maintaining your compliance efforts with very doable rinse/repeat maintenance activities.

This is the first article in a series that will walk you through the process of slaying the compliance dragon—for good. Tired of feeling beaten up by your annual compliance cycle? Then let’s slay that dragon!


The first step in calming the compliance chaos is knowing what on earth your compliance world looks like right now. Your internal compliance team will need to gather your responsibilities for compliance, then make some decisions about them going forward. Here’s how to do that.

1) Know Your Business Sector

For most industries, certain compliance standards are a given. Start by taking inventory of the compliance standards that apply to your business sector. If you’re in healthcare, you must be HIPAA compliant. If you handle ecommerce, you must meet PCI requirements.

You might cross over into one or more secondary markets. For example, a pharmacy is in the healthcare industry as well as commerce, so PCI and HIPAA are both required.

There are others that aren’t as obvious. For example, a law firm will have agreements with clients, and those agreements typically include provisions on how client information must be handled.

2) Know the Law

Find out what federal and state compliance requirements apply to your business. Government regulations such as FLSA and OSHA are examples. There’s also GDPR, which is one standard that is tripping up a lot of U.S. businesses. In essence, if your company has a web presence, you’d better be GDPR compliant.

3) Check Your Contracts

You might be surprised to find a clause or two in your existing contracts that obligates you to a standard you’ve never paid attention to. Review all your agreements with clients and partners to be sure you’ve got a handle on everything you need to be compliant with.

4) Take a Pulse of the Industry

Beyond your legal and industry obligations, you may also have customer expectations to consider. Even if you aren’t bound to comply with GDPR, your customers and sales leads might care a lot about how you handle their personal information. It could be a tremendous business advantage for your company to voluntarily become GDPR compliant.

Check with your marketing and sales departments to find out what customers are expecting or asking about. Do some research to see what your competitors are compliant with, and why. You’ll use that information to evaluate whether you should add any compliance standards to your list.

5) Trim the Fat

By now you probably have a much longer list than you expected to have. Feeling like you’ve just multiplied your compliance duties? That list can feel overwhelming, but that’s okay—remember, we’re slaying the compliance dragon.

The good news is, you may be able to eliminate a percentage of standards from that list and whittle it down. The not-so-good news is, you probably won’t whittle it down as much as you’d like. But that’s okay, too. This is just the very first step along the path to slaying that compliance dragon. You’ll get there.

Now let’s trim the fat off that list, and prioritize your compliance standards. Here’s how:

  1. Create three bucket categories: Need to Have, Nice to Have, Won’t Have.
  2. Go through the list and assign each standard to a bucket. You may discover that you’ve been complying with standards that are neither necessary nor valuable; put them in the Won’t Have bucket. Others belong in the Nice to Have bucket: a wish list of certifications that aren’t required, but would benefit your company or your customers.
  3. Go through the nice-to-have certifications and prioritize them. Which ones will you tackle right now? Which ones will you add later in the year, or next year?

That leaves you with a list of necessary certifications you need to tame now, and maybe some nice-to-have certifications that you’ve marked as a priority. That may be more than you’d like to deal with, but it’s better than not knowing what you’re really dealing with.

You’re Taking Control of Compliance!

These are the standards and certifications you’ll gain control of this year. The other ones can be tackled next year, or even farther down the line. With this list, you know exactly what you’re dealing with and what you’ll need to keep on your radar. That means no surprises will pop up mid-cycle, and no certifications will slip through the cracks.

Having this knowledge puts you in the best position to move on to the next step in slaying the compliance dragon: getting a handle on your vendor and partner resources. We’ll walk you through that step in our next article.

There really is a better way to take control of all of your compliance information. TCT Portal connects the dots between your internal resources, vendors, auditors and your clients to make sure each and every certification is completed in a cohesive, coordinated manner.

See how easy it can be—schedule your live demo today.