What is compliance?Compliance is the state of being in accordance with established guidelines or specifications, or the process of becoming so. Software, for example, may be developed in compliance with specifications created by a standards body, and then deployed by user organizations in compliance with a vendor's licensing agreement. The definition of compliance can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Show
Compliance is a prevalent business concern, partly because of an ever-increasing number of regulations that require companies to be vigilant about maintaining a full understanding of their regulatory requirements for compliance. To adhere to compliance standards, an organization must follow requirements or regulations imposed by either itself or government legislation. Regulatory compliance examplesSome prominent regulations, standards and legislation that organizations may need to be compliant with include the following:
IT compliance guidelines vary by country; Sarbanes-Oxley Act, for example, is U.S. legislation. Similar legislation in other countries includes Germany's Deutscher Corporate Governance Kodex and Australia's Corporate Law Economic Reform Program Act 2004. As a result, multinational organizations must be cognizant of the regulatory compliance requirements of each country they operate within. For example, GDPR applies to all organizations that are based outside the European Union, as long as they also operate in the EU.
Regulatory compliance vs. corporate complianceThere are two main types of compliance that denote where the framework is coming from: corporate and regulatory. Both corporate and regulatory compliance consist of a framework of rules, regulations and practices to follow.
Corporate and regulatory compliance are very similar, with their main difference being whether their policies come from internal or external regulations. Chief compliance officer and other compliance rolesAs regulations and other guidelines have increasingly become a concern for corporate management, companies are turning more frequently to specialized compliance software and IT compliance consultancies. Many organizations have even added compliance jobs, such as the role of chief compliance officer (CCO). The main responsibilities of a CCO include ensuring the organization is able to both manage compliance risk and pass a compliance audit. The exact nature of a compliance audit will vary, depending on factors such as the organization's industry, whether it is a public or private company, and the nature of the data it creates, collects and stores. Other responsibilities of a CCO include identifying the potential risks an organization faces, assessing the effectiveness of any risk-prevention processes and resolving any compliance issues. This image shows the roles of a chief compliance officer.Other possible compliance roles include the following:
Best practices and strategies for corporate complianceTo ensure an organization follows compliance laws or regulations, they should follow these best practices:
Learn more about compliance and its related security concerns in this article. This was last updated in October 2021 Continue Reading About compliance
Dig Deeper on Data governance
What was the first Federal law to address Federal computer Security?In response to a growing fear of security threats to the U.S. Federal Government, the Computer Security Act (CSA) of 1987 was signed into law on June 11, 1987.
What Federal Act requires all users of Federal computers to be trained in information systems security?Federal Information Systems Security Act of 2002.
Which law requires mandatory periodic training in computer Security awareness and accepted computer Security?The Computer Security Act establishes minimum acceptable security practices for Federal computer systems containing sensitive information. It stipulates that each Federal agency provide mandatory periodic training in computer security awareness and accepted computer security practices.
How does the Sarbanes Oxley Act of 2002 affect information security managers quizlet?How does the Sarbanes-Oxley Act of 2002 affect information security managers? Security managers will look for reliability of the information that they acquire from technology managers while these managers will want the information security managers to verify that the information is confidential and integrity is good.
|