Comply Through Teamwork

Aug 1, 2007 12:00 PM, By Kathleen Kotwica


         Subscribe in NewsGator Online   Subscribe in Bloglines

Is your company dealing with regulatory compliance issues and/or pressure to comply with industry standards? How are you working with the other company functions engaged in compliance - such as audit, compliance, legal, risk management, HR and business unit leaders? Do you have a Unified Risk Oversight* team in place to discuss and plan how you will become compliant in the most efficient way?

Assembling a team to review the requirements or controls by categories will clarify where there are multiple efforts in place. For example, do the information protection standards the IT team has in place already cover some or most of the privacy requirements in HIPAA**? Are there certain aspects of C-TPAT*** that lend themselves to other types of product protection?

Senior management cares about EBITDA (earnings before interest, tax, depreciation and amortization). By coming together to resolve redundancies or using what may already be in place as a guide for similar issues, you can show management that the company is as protected against regulatory risk as it can be and save the company time getting there, both of which mean saving money.

They like that.

Kathleen Kotwica is vice president of research and product development for the Security Executive Council, a cross-industry, executive-level organization seeking to advance strategic security practices and solutions. For information, visit www.csoexecutivecouncil.com/?sourceCode=access.

Did You Know? *Unified Risk Oversight - A concept trademarked by the Security Executive Council geared toward encouraging organizational integrity beyond any one element or regulation. To achieve this, organizations will define various security risks and expectations for demonstrating social responsibility - typically by employing a Unified Risk Oversight team - and organize them to be viewed and examined collectively across the organization.

**HIPAA - Health Insurance Portability and Accountability Act; enacted by U.S. Congress in 1996; Title I addresses healthcare access, portability and renewability and protects health insurance coverage for workers and their families when they change or lose their jobs. Title II, the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans and employers.

***C-TPAT - Customs-Trade Partnership Against Terrorism; a voluntary supply chain security program led by U.S. Customs and Border Protection (CBP) that is focused on improving the security of private companies' supply chains with respect to terrorism. The program was launched in November 2001.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Resources

Back to Top