How to Drive Efficiencies When Meeting Compliance Under a Deadline

Let’s say you just found out that you need to be compliant with HIPAA or PCI DSS in order to win a big piece of new business for your organization.

Whether it’s a potential customer, a partner, a regulatory body or government making the demand, business often can’t move forward without demonstrable compliance with certain frameworks. And these can be thorny, complex, and time-consuming to meet.

You’ve heard the horror stories about becoming compliant — it can take twice as long as expected to get all your requirements up to par; it can cost far more than budgeted; and sometimes organizations don’t pass an audit even after all that hard work.

So what do you do?

We know meeting compliance isn’t a walk in the park. But if you’re prepared, you can get there a lot faster, within budget, and with fewer hiccups along the way. In this post, we’ll share a framework you can follow to get on the fast track to compliance. While many tasks are involved in meeting compliance, there are ways to gain efficiencies as you work to meet a broad range of requirements.

Ready to dive in?

Compliance in the Cloud: Q&A Webinar Recap

On April 25th, I had the pleasure of speaking with Ryan Buckner, Principal at Schellman & Company, and Kevin Eberman, Director of Ops at MineralTree, during a webinar on compliance in the cloud.

Using the cloud as our lens, we discussed the ways in which companies can better understand and navigate compliance. You can view the entire webinar or read our recap below.

Meeting Compliance in the Cloud ≠ A Choice

In the past, we’ve talked about various ways that compliance can add value to your business. But what happens when you don’t attain or maintain compliance? (Note: In the following, we focus on PCI, but equally unpleasant consequences can result, of course, if you fail to meet other standards such as HIPAA, SOC 2, etc.)

Three Good Reasons to Get Compliant Now

When things are hectic at your organization, compliance may not feel like the highest priority. If you aren’t in an industry that absolutely requires compliance, it can feel like a box to check — more of a nice-to-have than a must-do. In other cases, it may seem like a good idea . . . but one that can be kicked down the road indefinitely. However, we believe it’s a good idea to approach compliance early — often earlier than you may think.

Indeed, there are some situations in which compliance can actually move the needle in a big way for your business, either positively or negatively. Here are three specific, value-driven reasons why you should consider being proactive about compliance and get out ahead of it before it’s too late.

How to Verify That Compliance Controls and Processes are Being Met

Compliance is a complex, ongoing process. Between translating requirements into relatable terms, allocating a budget, and assembling a team for your compliance audit — all while trying to stay focused on running your business — there’s a lot to think about and do. And after all of this, there is still more that needs to be managed.

From regular maintenance of the processes, controls, and technology you implemented, to questions from customers about your level of compliance, you’ll quickly realize that compliance is a continuous process that needs to be managed, not a one-and-done activity.

Having said that, what are you doing, or going to do, to make your compliance plan accessible so team members — from Security to IT to Sales — can quickly verify a control or process?


The Ultimate Compliance Cheat Sheet: A Wrap Up of Threat Stack’s Cloud Compliance Series

We write about compliance (and talk to customers about it) pretty regularly, and if you’ve been following our blog over the last two months, then you know we also just did a full series on the topic. In addition, we released The Threat Stack Compliance Playbook, which is full of practical information you can use to help your company achieve compliance without losing your sanity.


Allocating Resources for a Compliance Audit: A Practical Framework

When companies prepare to meet compliance, whether it’s PCI DSS, HIPAA, or SOC 2, one thing that is often estimated inaccurately is the set of stakeholders who need to be involved — who they are, which departments they come from within your organization, what their roles are, what knowledge and skill sets they require, how long they’ll be needed, etc. This post is intended as a practical guide to help you develop a thorough and realistic resource plan for your next compliance audit.


When is Good Enough Good Enough? Meeting Compliance Without Losing Your Mind

Have you heard the one about the bear and the two hikers?

A bear jumps out of the bush and starts chasing two hikers. They both start running for their lives, but then one of them stops to put on his running shoes.

The first hiker says, “What are you doing? You can’t outrun a bear!”

The second hiker replies, “I don’t have to outrun the bear; I only have to outrun you!”

Compliance works in a similar way. You don’t need to be the most compliant company; you just need to meet the requirements well enough to satisfy regulators, auditors, customers, and stakeholders. And, ideally, you want to be more compliant than your competitors. That’s how you outrun the bear (err… win the customer).


Budgeting for a Compliance Audit: A Practical Framework

Companies can easily underestimate the investment required to meet compliance. Thinking of compliance as a one-and-done activity that you can skate by with minimal spend only sets you up for unpleasant surprises later on. Compliance can be a long, drawn-out process, involving everyone from HR and finance to security and leadership. So it’s important to look at all the costs up front in order to set aside a realistic budget.

A good way to approach compliance is to treat it like a new product launch. You’ll need a dedicated project team, new technology, a reasonable budget, and more to get it off the ground.
