ARE YOU SABOTAGING YOUR COMPLIANCE PROGRAMME?

Your policy framework may be keeping your teams from delivering their best work. Policy frameworks are useful and necessary to ensure that your operating environment complies with regulations, governing bodies and your internally set standards. But when poorly implemented, these frameworks can interfere with your team’s desire to move quickly. Modern workers thrive when given clear parameters to work within and the freedom to solve their problems as independently as they choose. Although it is tempting to prescribe best practices and aspirational guidelines, it is incumbent on your governance group to set policies that strike the best balance between freedom and control.

First, you have the minimum set of essential controls necessary for your business to be compliant. This is a composite of all the applicable laws, contractual constraints and certification frameworks you attest to. Beyond the existing and ever-shifting state laws, many states are now rolling out privacy statutes, such as the California Consumer Protection Act (CCPA), to address the growing responsibilities organisations have in managing sensitive personal data and respecting everyone’s right to privacy. Frameworks such as the Health Information Trust Alliance (HITRUST) for healthcare, the Payment Card Industry (PCI) for finance, and the Sarbanes-Oxley Act (SOX) for publicly traded companies add further layers of complexity to the suite of controls implemented at every organisation. These controls define the baseline necessary for you to operate legally, maintain certifications and comply with your contractual agreements. In general, most people buy into the notion that these controls must be followed for your business to compete in the market.

Jan-Mar 2024 Issue

Redox