Yes, Compliance Is Like Eating All Your Vegetables
Compliance is something someone else makes you do, AKA yuck.
Compliance is laws, regulations, contracts and insurance policy terms. And failure to adhere leads to penalties, lawsuits, investigations and the chance insurance won’t cover your claims. Yuck.
But Compliance Is Meant to Keep You From Being Easy Pickings to a Hacker
Think about it from the other point of view. By making nice with compliance (like eating your kale) you can avoid fines and penalties, improve operational safety, cut your risk of cyber-attack, improve public relations, prevent attrition of clients who will more and more need their suppliers to be compliant and, if needed, make sure liability insurance claims are paid. So really compliance is one of those business rarities that can demonstrate a measurable return-on-investment.
Here Comes the Airplane, Yum Yum Yum
And compliance is coming – even if it hasn’t reached your office yet. It’s here in liberal states (like our own fair Commonwealth) in the form of data privacy laws. It’s coming in your cyber insurance policy. It’s coming if you want to sell to Europe. It’s coming if you process credit cards. It’s here if you deal with medical records. It’s coming if you are in the defense pipeline.
One good thing is the overlap in many of these independent demands. For instance, Massachusetts’ laws protecting the privacy of organizations’ data jibe beautifully with insurance companies’ insistence on good security hygiene.
Why You Really Should Get a Compliance Assessment
- You’ll see the gaps that exist between your current computing environment and what’s required for compliance
- You’ll get prepared for the compliance audits and/or examinations
- You’ll learn cybersecurity best practices
- You’ll have guidance about prioritizing security improvements, so you can best allocate your resources
- You’ll have the information to choose solutions and suppliers that support your compliance, so you won’t make commitments that might have to be replaced down the road, saving time and money
- And most of all, by seeing compliance through, you won’t be an easy-as-pie target for crooks
It’s Not as Bad as All That
By following NIST SP800-115 guidance for information security assessments, Bryley uncovers organizational and regulatory gaps. As part of the assessment we interview your personnel, document your current security policies and procedures and document your organization’s technology assets and attributes.
Bryley’s reporting provides a guide for adhering to industry best practices and achieving organizational and/or regulatory compliance.
And Bryley can help with compliance assessments for:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- Cybersecurity Maturity Model Certification (CMMC)
- Defense Federal Acquisition Regulation Supplement (DFARS)
- NIST Cybersecurity Framework (each insurer is different, but NIST guidelines are often a basis for insurers’ standards)
So if you’re ready to grit your teeth, bite the bullet and take your medicine, Bryley can help. Since 1987 Bryley has been advising clients on the tech requirements imposed on us by the dadgum government. For more information about getting compliant, please call 978.562.6077 or email ITExperts@Bryley.com.