In this third and final Orthus article on using software tools to assist in achieving and maintaining compliance levels, we focus on the final set of items to consider when evaluating and selecting compliance tools.
Talking about compliance as if it is a ‘snapshot’ event is now obsolete. Harmonious correlation is what is necessary, even if the audit event is itself a “snapshot”. Constantly practicing, monitoring and measuring compliance levels is needed and usually demanded. Be sure that the system you use is as ‘real time’ as you can get, is well structured, accurately reflects the organization and supervision, and is applied using a ‘stable’. It is likely that the finish line will have moved since the previous year due to improving standards of best practice, changes in technology platform, and evolving regulations. Where compliance was once considered a one-off exercise, today it is an ongoing “business as usual” activity that should always be high on the CIO / CISO schedule and performance goals.
A compliance system should ideally include features that allow the control section and program owners to see the effects of not completing the upgrade project on time. Look for a solution that integrates with the internal messaging system – especially email – so that notifications for key projects approaching their deadlines can be automated. Look for systems that can alert individuals to an imminent default. If the reports within the document management subsystem have a shelf life of 12 months, then a solution should generate alarms well before the contents become outdated, with a warning that the update deadline is approaching.
A compliance system needs to scale from a single auditor using the tool to multi-national companies with business units in many areas – and possibly 100 users. Many programs start within one business unit or function and are then rolled out.
Look for a product that will not only scale, but can do so horizontally and vertically within the company. It should be capable of scaling along with the organization, with the ability to deploy additional instances alongside those already in production, both for business units at the same level within the organizational structure and above them for holding or group companies. Changes to the context or level at which the solution is used should be simple and easy to effect.
Ease of use
Any compliance management solution needs to reduce, rather than add to, the complexity of what it replaces. To be effective, a compliance system should be easy to use. Users these days are very familiar with the browser interface, and web applications tend to scale well. Total cost of ownership is reduced in many areas: there is no thick client software to install, update and support on endpoints, and user education and “how to” questions are minimal. Because applications often span many countries, look for a solution that has a customizable, context-sensitive help feature.
Look for a solution that is extensible and can be customized. The system should be able to load many standards, and to de-duplicate effort where controls overlap. In larger companies this can lead to significant optimization of the overall compliance effort and minimize costly organizational silos where projects are often duplicated.
There are several compliance management solutions that come pre-configured for specific standards – not least BS7799:2005 (ISO/IEC 27001) and PCI DSS. These solutions are often too restrictive for larger organizations.
The more advanced and well-thought-out systems also provide the ability to create custom controls, allowing company-specific internal standards to be brought in. When populated, such a solution can meet the regulatory, compliance and legal needs of the organization exactly.
Sensible modern businesses need to constantly minimize costs and increase value through innovative technology solutions like virtualization and cloud computing. However, they also need to make these changes in a way that manages risk within acceptable limits and within the restrictions imposed by the relevant regulations.
Compliance activities will be continuous, year on year, with the likelihood that new targets are set by either auditors or regulators. Structuring the compliance program properly and investing in a compliance management solution will prove to be a shrewd investment that continues to deliver benefits for years to come. If organizations follow the advice Orthus has set out in this article, they will help to ensure that they choose a suitable solution, one that goes some way towards answering the tricky “are we there yet?” question from the CEO the next time you are lucky enough to share a lift!
We hope these articles have been useful in helping you to solve your compliance program problems and select a program management solution.