With the number of compliance rules and regulations actively impacting businesses today, it will take more than one person to bring your company in line. Let’s consider how each part of your business will influence compliance.
Your first line of defense against compliance failures is the technology in use and the team who maintains it. Consult with your IT team to discuss:
· Email Encryption: How are emails and files that go in and out of your office protected to avoid revealing identifying information?
· Data Encryption: How do you collect and retain credit card information? Are there any gaps where that information could be stored or released in an identifiable way?
· Firewall: Are you protecting your company data and communications using a screen door that is easily opened by hackers, or are you using a multi-level security system preventing intrusions?
· Backups: How often, when and where is your precious company information backed up? Can you test your backups to prove they are effective? Is your current backup plan compliant regarding customer data?
· Data Availability and Storage: Who has access to your data? Only certain individuals in your company should be able to access all data, like financial records or payment information. How are you restricting access on your network or within line of business applications to ensure safety?
· Physical Access: Who has access to computer systems and servers? Do you train your staff to lock their systems every time they leave their desks? Are you using privacy filters on appropriate screens to avoid wandering eyes?
Internal Compliance Officer
While this may not need to be a full-time role within your organization, you should have a compliance champion on staff. Your IT company can absolutely set you up for success, but they are not around to police your staff every hour of the workday.
The Compliance Officer is responsible for ensuring that your staff follows important compliance policies, maintains vigilance surrounding compliance, keeps documentation up to date, and works with authorities if necessary. Specifically, they:
· Watch for employees falling into bad habits, like leaving computers unlocked or sending credit card data haphazardly throughout the organization.
· Conduct/coordinate online or in-person training to keep compliance top of mind. We recommend proper education as soon as a new employee comes on board as well as quarterly training.
· Maintain all the documentation required for compliance, like backup plans and communication standards.
· Liaise with federal and state regulators, as necessary, to prevent or mitigate an issue (with the support of your IT team and legal team).
You can have the most current technology in place and the greatest compliance officer on staff and still fail at compliance if your employees are not onboard. At the end of the day, it comes down to successful employee implementation and clear communication. In order to achieve this, we recommend taking the following steps:
· Gather everyone together: When you first adjust your company’s security protocols to ensure compliance, explain the reasoning to your team. If employees need to remember 16-character passwords, replace those passwords every 90 days, and have 5-minute time outs on their systems, they would probably like to understand why the changes are being made. Your IT team should help conduct this meeting.
· Send regular reminders: It’s simple to fall into what’s “easier” rather than compliant. Consider sending a weekly or monthly compliance tip to all staff to keep it top of mind.
· Conduct ongoing trainings: These trainings should be mandatory, involve your IT team, and vary enough to stay interesting. Quarterly should be often enough unless some regulation change calls for additional meetings.
· Multi-departmental planning: Different teams have different uses for data. For example, what makes the salesperson tick may make it impossible for accounting to operate within compliance. When it comes to collecting information that must be compliant, every department must be involved in process development to create smooth operations.
Compliance is not a one-person game. It involves the whole company, team engagement, and proper education and training to be successful.