The term “compliance” is very common in the news and on TV, but many business owners do not know how the issue of compliance affects them in practical terms. It is often viewed as an end-state (“we need to become compliant”) rather than as what it actually is: an ongoing requirement for the business to adhere to an objective set of standards.
From a dictionary definition, compliance is a state of being in accordance with established guidelines, specifications, or legislation. In common usage, compliance is merely meeting the minimum standards required by a law or industry requirement. These standards can be as mundane as requiring antivirus on all computers or as complex as mandating specific software development standards.
A little-known fact about compliance is how it affects your insurability (you are encouraged to verify this with your business insurance provider, since it is that important to determine your individual situation). If your business is required to meet certain standards for the security of your network (this can be mandated by a law, or it can be a contractual requirement found in many industries) and your business fails to meet that known, objective standard, then you can be found professionally negligent. Insurance companies generally have “negligence loopholes” written into business insurance contracts, so that you will not be covered by insurance for any losses, damages, or lawsuits arising from a non-compliant incident. This can put you out of business.
This all may sound overwhelming, but a positive aspect of modern compliance requirements is that these various standards are generally industry-recognized “best practices.” The bad news is that if the standards seem overwhelming and foreign to you, then realistically you are “behind the power curve” and have not kept up with standard procedures to protect your business, your employees, and your clients. The good news is that compliance is achievable by every organization, regardless of its size or resources.
A simple tool to measure your compliance: if you have to think about it, or are not 100% sure you have taken the steps to be compliant, then you are non-compliant. That may sound harsh, but it is generally an accurate statement.
Examples of compliance:
- Do you accept credit or debit cards as a form of payment from customers or vendors? [hint - PCI DSS compliance]
- Are you a bookkeeper or CPA? [hint - GLBA & PCI DSS compliance]
- Do you deal in any way with the credit reports or credit scores of people? [hint - FACTA compliance]