New Whitepaper: Improving the Compliance Management Process

We are excited to announce a new whitepaper that covers important compliance requirements that you are obligated to satisfy, provides some high-level recommendations about what you can do to address these issues, and offers a brief overview of a tool that helps you to better manage these compliance problems.

The whitepaper is called "Improving the Compliance Management Process". One of the conclusions of the research is that only 13% of the organizations Osterman surveyed are “very satisfied” with the way that they manage regulatory compliance issues, despite the fact that 63% consider regulatory compliance to be “very important”.

Moreover, Osterman's research found that you typically spend 19% of your compliance and audit time each year on tracking requirements and another 31% on gathering and maintaining audit evidence. Because these two activities alone consume fifty percent of your compliance efforts, improving the process for just these two activities can save you significantly on overall compliance costs, both in time and budget.

There Is No "Unregulated" Industry

All organizations must deal with compliance obligations. These range from relatively minimal obligations that focus only on protection of certain types of records to very strict obligations to monitor and sample employee communications, retain a wide range of record types for long periods of time, and protect the confidentiality of highly sensitive customer information. Consequently, all organizations must satisfy varying levels of compliance obligations – the only difference between a “heavily” regulated organization and a “lightly” regulated one is in the number and invasiveness of the regulations that they must satisfy.

Organizations in some of the more regulated industries – for example, financial services, insurance, healthcare, energy, government, education and life sciences – must deal with a large and growing number of compliance obligations. A failure to satisfy these obligations can result in serious consequences, including fines, sanctions or even business closure.

Complicating the problem is the fact that there are regulations at the federal, state and local level, not to mention the variety of industry-focused and international regulations that organizations must satisfy. Moreover, many of these regulations are in a continual state of flux as regulators modify and add to the body of regulations to which organizations are subject.

Ten Thousand Commandments

Washington set a new record in 2013 by issuing 3,659 "final" rules in the Federal Register, which means they now need to be obeyed, and 2,594 proposed rules are on their way to becoming orders from the political headquarters. And the feds aren't letting up; there are another 3,305 regulations moving through the pipeline on their way to being imposed. Source: WSJ 4-16-2014.

Managing Compliance Is Cumbersome And Expensive

Many organizations satisfy their compliance obligations using manual processes focused on maintaining spreadsheets or using out-of-date software to help compliance managers keep the organization as close to full compliance as possible. Moreover, compliance obligations are managed with a significant amount of labor, which drives up costs beyond where they would be if a more automated and holistic approach for compliance management were available.

To understand the high cost of conventional compliance management processes, Osterman Research conducted a survey with organizations in a variety of industries. Using a subset of their survey sample to eliminate outliers, they discovered that the combination of labor and expenditures on tools and services totals $523.93 per employee per year, which translates to a cost of $43.66 per month.

Next Steps

Osterman Research recommends that any organization that must satisfy compliance obligations take a multi-step approach toward reducing its compliance costs and improving its ability to satisfy those obligations. The whitepaper with these steps is available for download here.

