Business, Information Security, Risk Management

5 Ways Businesses Blunder on Compliance


An effective compliance program is essential to keeping a business functioning across the globe. It is not enough to merely implement the program; it must also remain fluid, meaning that it is properly and competently administered on an ongoing basis. The list below outlines some common mistakes that organizations make, which can lead to inefficient compliance strategies or breaches of regulations.

Poor due diligence:

Failing to properly vet a third-party entity before conducting business can drag a company’s reputation and standards down. Most companies spend time making sure that they are operating above board and in accordance with both domestic and international regulations. The mistake comes in assuming that the third-party entity holds itself to a similar moral standard. The findings from due diligence can be priceless, whether that means detecting non-compliant actions in a potential third party and saving your company’s reputation and money, or investing in the relationship with the confidence that the third party has a clean slate.

Using out of date technology for compliance programs:

Another common error that companies make is using legacy technologies that no longer work well to manage their compliance programs. Oftentimes these go unupdated due to factors such as cost or technical constraints. Such programs can become a headache for global compliance efforts because they tend to be fragmented across activity-specific vendors, which makes reporting on a grand scale more difficult and increases administrative cost. Companies that want to avoid issues arising from legacy tech might want to consider consolidated compliance platforms and secure cloud-based solutions.

Lack of effective communications between different teams:

Siloed security teams can lead to mix-ups or situations in which relevant information is not available to an involved party. A lot of teamwork goes into developing security policies: there are those who create and enforce the policies, those who ensure optimal system functionality, and those who tie those security policies to business applications. These teams don’t always interact with each other, but their responsibilities are collaborative.

Allowing undocumented changes on the fly:

An essential part of compliance and risk management is documenting everything. If businesses don’t encourage documentation, they run the risk of, at best, having policies for which there is no explanation and, at worst, breaching compliance regulations.

Failure to thoroughly train employees:

Once the compliance program has been implemented, it is of the utmost importance to ensure that it is clearly communicated to everyone in the business. Training should be frequent and thorough, covering all aspects of the program and how it translates into everyday work life for company personnel. Many data breaches in recent times have been due to human error. Whether these were caused by a lack of adherence to security policies or simply by ignorance on the part of the individual, your business has the ability to address both issues. Training is an easy win over the long run of a compliance program.

This article was written by Kristina Weber of Centry Ltd. For more content like this, follow @CentryLTD on Twitter!
