Blog · 06 Jun 2017

Why you might be at risk of a compliance breach

Securing your business against cyber crime doesn't guarantee compliance (and vice versa). Here's how to make sure you get the best of both worlds.

Head of security, risk and compliance centre of excellence

Security isn’t the same as compliance

You might think that meeting all of your security needs means you’ve automatically dealt with your compliance risks too. After all, your security setup keeps your data private, right? And that’s enough to handle those regulatory requirements, isn’t it?

Unfortunately, the reality is nowhere near that simple. You can be ‘secure’ without meeting your compliance plan, code of conduct or the aforementioned regulations. And if your budget and planning focuses too heavily on security, you could easily be at risk of failing to meet your compliance requirements.

You have to pay attention to both

In today’s fast-paced IT environment, tech teams push hard to meet the latest rules and expectations around security and privacy. But compliance requirements often revolve around regulations rather than the usual security certifications, so the two don’t always match up.

A focus on security could therefore be calamitous for your company when the regulators come calling. What you need within your organisation is a strategy for compliance that includes security measures and tactics, but doesn’t rely solely on them.

Three steps to solve the issue

So, how can you bring security and compliance together? Here are three steps to take which will make sure you take care of both.

1. Make sure there’s collaboration between all the teams involved

This might seem obvious, but not many organisations do it well. You have a number of groups that have an effect on compliance, including security, privacy, quality and legal — not to mention your business leaders. And every one of these will have their own priorities and views.

By building a multi-disciplinary team to evaluate the options, you can make sure that each team has a say in your strategy. This gives you a much better chance of providing security and compliance in a way that suits everyone.

2. Establish a ‘Compliance Forum’

Once you have your strategy team in place, you have to make sure they come together regularly (I recommend monthly) to discuss issues and new developments. This gives everyone an update on your organisation’s priorities and risks — especially when it comes to your IT.

This can be particularly helpful when you feed back to management and the board because you’ll already have identified whether your balance of focus and spending is appropriate to the risks highlighted by your forum.

3. Look at the bigger picture in your industry

You have to take a look at the various rulings and investigations taking place within your industry. These will give you a good idea of whether your strategy covers the areas that others have fallen down on.

Looking at the whole picture rather than focusing solely on your own situation — and knowing the right questions to ask — will help you avoid the gaps between compliance and security.

Making sure your organisation is both secure and compliant is no small task, but follow these three steps and you’ll have a much better idea of whether you’re on track or not.
