Compliance Best Practices - CCPA and GDPR

Order Compliance Management Kit  Download Selected Pages

Compliance Management Kit10 Corporate Compliance Best Practices

Compliance is a major issue that organizations of all sizes need to address. In the information technology field they range from inadvertent information disclosure to mechanized attacks on the core business infrastructure. To address these compliance issues world class organizations implement a set of best practices for their compliance programs. Janco has identified ten such best practices and they are:

Compliance Process

  1. Board of Directors assumes compliance responsibility. The board makes it clear within the corporation and to shareholders that it is the body with ultimate authority of compliance success and failure.
  2. Management communicates its importance - Management states clear compliance goals that exceed legal minimums for the entire organization and designs a compliance program that can withstand a challenge by proactive class action attorneys
  3. Management communicates its commitment to compliance - Management provides active support with resources, staff, and messaging.
  4. Management puts in place consequences for those who do not comply - Senior management conveys (through words and conduct) that employees who do not adhere to appropriate compliance standards will be held liable for their failure and will lead to meaningful sanctions, including loss of compensation, demotion, suspension or termination.
  5. Management looks beyond compliance - They establish compliance as a competitive advantage. Utilize it a long term strategic and operational tool to improve the position of the company with its customers and in its market. Successful companies take the new standard and run with it. Those company that take that approach ensure their customers receive clear disclosures and options about what information is being gathered and shared. With their own house in order, they might decide to inform others (regulators, journalists and perhaps customers) when competitors fall short.
  6. Makes the compliance message clear and simple - Companies that understand “compliance” means ensuring they are meeting (if not exceeding) all of their legal, regulatory and ethical obligations. They also are clear about who is in charge of each category of compliance.
  7. Communicates the compliance program and objectives to everyone - Set standards that state the compliance rule, the basis for the rule and provide examples of conduct that break the rules.
  8. Provides detail policies, procedures, and  backup with training - Include Information as to where information regarding the compliance requirements can be obtained and how violations may be reported. A compliance program is only as good as its implementation. If employees don't know what is expected of them or don't know where to turn for help, there is compliance violation.
  9. Integrates compliance with business operations - Companies with successful compliance programs focus on integrating those programs into the business processes and incentive structures of the company. One example is development activities. Rather than reaching the end of a development process and having a quick “compliance review,” successful companies embed compliance design within the process, so potential issues are identified and resolved early, with limited expense.
  10. Are prepared for a breach in compliance with processes in place to address the violations - Understand that meeting compliance requirements is only the start. In many industries (the financial services, healthcare, and food & beverage industries), there are groups of extremely active plaintiff's lawyers filing class action after class action, even for relatively minor technical violations. Have processes in place to mitigate violations and have staff available who know what the risks are and what to do.

Compliance Management Toolkit Versions

Janco offers a full range of tools to help enterprises of all sizes to address these issues. The Compliance Management kit provides the infrastructure tools

In addition to the Compliance Management White Paper we provided the The Compliance Management tool kit in three (3) versions: Silver, Gold, and Platinum.

Compliance Management White Paper

Order

Compliance Management White Paper
  • Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.

    White Paper contains a table of manadated record retention periods and a list of all of the states and US possessions with their mandated notification requirements. Updated to include GDPR and CCPA requirement discussion

Compliance Management - Silver Edition

Order

Compliance Management White Paper  Secuirty Audit Program  Secuirty Audit Program  Supply Chain Audit Program  PCI Audit Program  Compliance Job Descriptions
  • Compliance Management White Paper
  • HIPAA Audit Program
  • Security Audit Program - fully editable -- Comes in MS EXCEL and PDF formats -- Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 39 separate task groupings including BYOD.
  • Supply Chain ISO 28000 Audit Program -- Comes in MS EXCEL and PDF formats -- Meets ISO mandates
  • PCI Audit Program - Word and PDF
  • Compliance Management Job Descriptions (25 key positions) - Word Format - fully editable and PDF- Chief Compliance Officer (CCO), Chief Data Officer, Chief Mobility Officer, Chief Security Officer, Data Protection Officer, Director Electronic Commerce, Director IT Management and Controls, Director Sarbanes-Oxley Compliance, Manager Blockchain Architecture, Manager BYOD Support, Manager Compliance, Manager E-Commerce, Manager Enterprise Architecture, Manager Internet Systems, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, PCI-DSS Administrator, System Administrators - Linux, System Administrators - Windows, System Administrators - UNIX, Webmaster, and WiFi Network Administrator

Compliance Management - Gold Edition

Order

Compliance Management White Paper  Secuirty Audit Program  Secuirty Audit Program  Supply Chain Audit Pogram  PCI Audit Program  Compliance Job Descriptions  Record Management Policy  Privacy Compliance Policy
  • Compliance Management White Paper
  • HIPAA Audit Program
  • Security Audit Program
  • Supply Chain ISO 28000 Audit Program
  • PCI Audit Program
  • Compliance Management Job Descriptions (25 key positions)
  • Record Classification and Management Policy - Word - Policy which complies with mandated US, EU, and ISO requirements
  • Privacy Compliance Policy that address the EU's GDPR and the latest California Consumer Privacy Act

Compliance Management - Platinum Edition

Order

Compliance Management White Paper  Secuirty Audit Program  Secuirty Audit Program  Supply Chain Audit Program  PCI Audit Program  Compliance Job Descriptions  Record Management Policy  Privacy Compliance Policy  Security Manual
  • Compliance Management White Paper
  • HIPAA Audit Program
  • Security Audit Program
  • Supply Chain ISO 28000 Audit Program
  • PCI Audit Program
  • Compliance Management Job Descriptions (25 key positions)
  • Record Classification and Management
  • Privacy Compliance Policy that address the EU's GDPR and the latest California Consumer Privacy Act
  • Security Manual Template - Word - 240 plus packed pages which are usable as is. Over 3,000 companies worldwide have chosen this as the basis for their best practices to meet mandated US, EU and ISO requirements

Order Compliance Management Kit  Download Selected Pages

See also

  • Top 10 Reasons Compliance of Business Continuity Fails Testing is key to business continuity compliance with ISO 22301 Compliance and business continuity management are closely inter-related - ISO 22301 is just one of.

  • 5 Corporate Compliance Errors Executives Are Making 5 Corporate Compliance Errors many executives are making Compliance is never easy and even the best make mistakes on occasion. But we can learn from. . .