CIOReview
CIOREVIEW >> Compliance >>

Changes Expected with Regulatory and Security Requirements

Gretchen K. Hiley, Chief Technology Risk Officer, Crawford & Company
Gretchen K. Hiley, Chief Technology Risk Officer, Crawford & Company

Gretchen K. Hiley, Chief Technology Risk Officer, Crawford & Company

Emerging challenges in compliance

I think the biggest challenge for our team is keeping up with the pace of change in the business and technical environment. Today’s workforce is more mobile and computer-savvy than ever. Our IT departments are expected to release new applications quickly and efficiently so that our employees have quick and easy access to meaningful data at their fingertips – regardless of where they are physically located. Our customers expect that we are applying appropriate safeguards to protect their data but also want us to be easy to work with. Sometimes those goals are in conflict. As compliance professionals, we need to embrace the changes, but we are also expected to continue to comply with regulatory and security requirements. I don’t think a compliance group that continually says “no” is as effective as one that is collaborative in understanding the business objectives to be achieved and then assisting in identifying reasonable controls to address the risks and requirements. The compliance team has to be viewed as a business partner – not a gatekeeper.

Creating a link to make compliance work

As a global enterprise, sometimes it is difficult to ensure the appropriate links between our own internal organizational units. You can get bogged down dealing with varying time zones, cultural differences, language barriers, competing priorities, etc. Then you add external parties to the mix, and the situation gets even more complex. On a daily basis our employees interact with outsourcers, clients, contractors, consultants, vendors, and many other external business partners. For our organization, I think the best way to effectively manage risk is to expect every employee to be responsible for monitoring compliance. A group of compliance professionals sitting in a corporate headquarters office can’t possibly oversee everything, but the working manager responsible for the day-in and day-out transactional interactions with external parties has keen insight into what is happening or not happening. I think having a corporate compliance team is extremely important, but the attitude has to be that every individual is responsible for security and compliance. This message should be driven from the top but understood by everyone throughout the organization.

Read Also

How to Use Security Assessments to Enhance Your Security Program

How to Use Security Assessments to Enhance Your Security Program

Felipe E. Medina, VP of Information Security Architecture and Operations, BankUnited [NYSE: BKU]
In A Crisis: Cold Talent Automation versus Warm Talent Key Success Factors

In A Crisis: Cold Talent Automation versus Warm Talent Key Success...

Rob Hornbuckle, CISSP - ISSMP, CISM, CRISC, CISO and VP, Allegiant Travel Company [Nasdaq: ALGT]
Physical Security for a Confident Future

Physical Security for a Confident Future

Jana Monroe, Vice President of Global Security, Herbalife [NYSE: HLF]
Wringing Value from Every Drop

Wringing Value from Every Drop

Catherine Schladweiler, P.E.Principal, Environmental Policy and Sustainability, Tucson Electric Power Company
Resource Adequacy and Grid Flexibility Depend On Analytics for Energy Storage

Resource Adequacy and Grid Flexibility Depend On Analytics for Energy...

Sean Halloran, Vice President of Wellsite Technology at Ensign Energy Services
Renewable Energy – A More Adaptive and Responsive Choice

Renewable Energy – A More Adaptive and Responsive Choice

Warren Boutin, Director, Electric Service Support, Distributed Generation, & Supplier Services, Eversource Energy