For today’s blog post, we sat down with CMIT Solutions of Round Rock owner Jeff Floyd to talk about compliance standards and where they are headed in the future. There has been a lot of talk in the media about the government tightening compliance standards, so we hope this helps you to better understand the media hype.
What are compliance standards?
Great question. Many industries have security standards that require business owners and staff to conduct operations in a manner that keeps all parties “safe”. For example, Certified Public Accountants (CPAs) who work for a public company are required to record financial transactions in a standard method so anyone reviewing a financial statement can trust the summary of data contained in the financial statements. Another example that hits closer to home is the HIPAA (Health Insurance Portability and Accountability Act) document you sign annually at your doctor’s office. Health care providers are required to get permission before they disclose any health-related information to anyone other than yourself.
Examples of compliance standards that apply in different industries include, but are not limited to:
- Payment Card Industry – Data Security Standards (PCI-DSS)
- General Data Protection Regulation (GDPR)
- Sarbanes-Oxley Act (SOX)
- Fair and Accurate Credit Transaction Act (FACTA)
- Fair Credit Reporting Act (FCRA)
- Defense Acquisition Regulations System (DFARS)
- National Institute of Standards (NIST)
- Gramm-Leach-Bliley Act (GLBA)
- SAS 70 / SSAE16
- Financial Industry Regulatory Authority (FINRA)
- Family Educational Rights and Privacy Act (FERPA)
Another kind of compliance comes into play when you provide products or services for a regulated industry. For example, you might sell a component to a company that incorporates your product into a larger system and in turn sells that system to the Department of Defense. If you read the fine print of your contract, your company most likely is required to comply with at least a portion of one of the compliance standards listed above.
To sum up, being in compliance with a relevant standard tells the world that your policies, procedures, work product, and activities are in line with the expected norms. It means that you are a lower risk to your customer than another vendor that is not compliant.
How do I know if compliance standards and requirements apply to me?
In some cases, business license requirements point to the needed compliance standards (as mentioned in the CPA example above). In other instances, your business insurance (malpractice, umbrella, liability, etc.) provider will highlight compliance standards before they will issue a policy. The most overlooked indicator of compliance needs is contracts. How many contracts have you signed without reading the details? If you are doing business with a regulated industry be sure to read (or have your attorney read) any contract in detail to be sure you understand any compliance requirements being agreed to.
Why should I care about compliance standards?
When you comply with the requirements of a standard your overall business risk is lowered. When operations are conducted in accordance with industry norms, then you are less likely to get in trouble with regulators, inspectors, or the general public. Another reason for being compliant with standards is that it gives you a competitive advantage over those firms that do not meet the standard norms of operations.
How do I find out if I am compliant?
Do your homework and find a trusted advisor that can assess whether your business operations meet the required compliance standards. With all of the standards out there, you might need to contact more than one advisor as it is difficult for any one person to be knowledgeable about them all. Sign an NDA with the advisor(s) and encourage your staff (all of your staff, don’t skip any department no matter how small) to be completely open and honest about how they conduct their daily business. That way the advisor(s) get an accurate picture and can make the proper recommendations. This is very important: don’t get defensive when the advisor(s) find areas for improvement. Instead, be thankful that the areas were identified early and you can make proactive changes before any harm was done. Then create a plan to improve the areas identified and have the advisor(s) take another look to see if they agree.
Lead by example!
My last point is that you are the leader of your business. You lead by example. Your words and your actions must be in sync. If you say one thing and do something else, you’re sending a loud and clear message that you don’t take compliance standards seriously. So as the leader, be prepared to make more changes than anyone else in your organization. This can be as simple as from time to time asking the question: How does this decision impact our compliance?
We hope this helps demystify the world of compliance standards. So what’s your compliance strategy moving forward? Are you ready to take the next step toward making your business operations safer? The good news is you don’t have to understand all the intricacies of compliance standards — that’s what we’re here for.
Let CMIT Solutions Round Rock worry about compliance standards so you don’t have to! Contact us today so we can put our compliance expertise to work for your business.