

Keys to Getting Started With Compliance

I have recently jumped head first into a number of compliance initiatives both for our internal needs as well as for our customers.  To say that I have learned a lot in 3 months is an understatement.  I was working with a compliance consultant who at the beginning of the exercise said, “Mike, you seem like you know a little about this stuff and you could probably play a compliance consultant in a movie but we’ve got a lot of work to do.”  Not the comment I was looking for at the time but I am always up for a challenge.  (By the way, what movie would need an actor to play a compliance consultant?)

What I learned is this: compliance is confusing, compliance is important, and I really like compliance.  Compliance is the most exciting topic, and I get that, but what I realized is that even the best IT people are working from memory and experience.   It gives the company a recipe to work from.  I also started to realize that many people do not like compliance because they do not understand it.  As I started to learn about it, I feared it a lot less.  I also started to leave because of the statement “we need to do this for compliance.”  That statement will not get your co-workers to buy in, and it's likely to stall a lot of your compliance initiatives.

In an effort to start breaking that sinking feeling when someone brings up compliance, here are a few key principles to give everyone a little confidence that they can figure this out.

What type of compliance applies to your company? – HIPAA, COBIT, PCI, SOX, SOC2: the obligatory alphabet soup is the first daunting task you need to look at.  The basic question here is: are there laws you need to follow because of the business you are in, or are you trying to differentiate your business by having additional controls?  SOC2 (Service Organization Control) is a choice, but many companies achieve this certification to stay in step with their industry.

What kind of data do I hav