The New Era of Compliance
Welcome to the new compliance! Regulations and compliance audits represent a significant expense to organizations. That expense will increase for some, and decrease for others, depending on the choices they make. Compliance becomes an even greater expense when we fail at it, and greatest of all when we are found negligent.
Is there some way we can make this better?
Aside from changing the regulations and standards we’re held to, we can build compliance programs that are easier to follow, automated, and well documented.
But one problem is that so many companies are moving in the wrong direction. Compliance is about people and their actions, and that’s unlikely to change. Compliance tools, on the other hand, are too often focused on things like automated scans, network vulnerabilities, once-a-year inspections, and other momentary findings. The question should be: who in the organization is addressing the major risks, and what do they do on a recurring basis to keep the organization in good shape? The answer may involve more people than you would guess.
Access logs don’t matter if nobody reads them. Backup strategies don’t matter if nobody tests them. Administrative controls don’t matter if they only exist on paper. Employee manuals, SOPs, rules, and programs don’t matter if you can’t show that employees were trained on them and followed them on a day-to-day basis.
Find out how you can use Kraken to easily implement compliance programs that matter. You can build a record that shows continuous diligence over a period of years, and across the organization. In the event that a mistake or breach occurs despite all efforts, that same record will demonstrate that the organization and its employees took every reasonable action to prevent it.