The Verisade Library contains information about cyber security and Australian business, including information about threats, current controls and best practice, strategies and white papers.

Compliance Obligations in 2015

Can you absorb increasing compliance obligations?

In Predictions 2015: CIOs Accelerate the Business Technology Agenda, dated 10 November 2014, Forrester Research predicts that ‘data security and privacy concerns will rise dramatically in 2015’. If this is the case, it will directly affect organisational compliance programs. Are your compliance programs agile enough to adapt to and address these evolving changes?

Compliance obligations are designed to address common risks that face individuals, businesses, business sectors, governments or entire countries. They are defined by policy, standards, regulations and laws. The value in complying with these requirements is that compliance allows the management of common threats across communities, reducing the risk that they will affect individual members and their stakeholders adversely.

Although compliance brings this value to community members, it simultaneously burdens individual organisations with the requirement of keeping up-to-date with new and evolving obligations, ensuring compliance with all applicable obligations and removing compliance duplication throughout the organisation. To address this, most organisations will dedicate resources to manage compliance; however, they struggle with managing the diversity. The interpretation, design, implementation and ongoing management of controls requires specialised skills. Staff need to have a thorough understanding of all the compliance domains applicable to the organisation—often an impossible task with the limited resources available.

Forrester’s Predictions 2015 paper goes on to say: ‘…in 2015, CIOs will work with business peers to proactively manage data’s security and privacy impacts on their firms’ behaviours and brands’. In other words, the responsibility and management of compliance obligations will be owned by the organisation, but they will engage specialists to help interpret, design, implement and monitor specific compliance domains on their behalf.

Verisade specialises in information security compliance management services, providing predictable and reproducible solutions for organisations using ISO27001, ISO31000, or the Commonwealth government’s PSPF or ISM—freeing up organisational resources to get on with business.