Does your business meet your industry compliance requirements?

Compliance requirements for small and medium businesses and not-for-profit organisations are one of those things that slip to the back of the mind and stay there. SMEs consider the application of compliance to the organisation a total waste of time.

This can have a detrimental effect on the business. Compliance is all about management: the management of the way you do business. Creating a secure business environment that is compliant with your industry standard can be a complicated process. It is also time consuming and expensive, but it doesn’t have to be.

If your business is collecting internet payments, client business information or individual personal information, then you, as a business, need to protect that information as much as possible. The more information you collect, the more protections need to be applied to that information.

You are protecting that information from unauthorised external access and accidental exposure, as well as internal browsing. Protecting that information is not only good for business but also good for your clients.

As I previously stated, a good management posture is critical for a good compliance system. SMEs, when faced with a compliance audit, panic and do not understand how it all fits together. If you live for your compliance requirements, then most of those requirements that allow your business to grow and prosper will actually be in place.

Good management practices consist of the following:

  • Put in processes, where possible, for what your staff do.
  • Put in procedures to track how you want the business to operate.
  • Put in policies so staff understand your expectations of them as well as their expectations of the business.
  • Put in a good audit system to track internal and external access to information.
  • Introduce the best technology that your business can afford: a good firewall, VPN and wireless access.
  • Patch your technology and apply best practice to it where possible.
  • Put together good disaster recovery (DR) and business continuity (BC) plans and build resilience into the organisation.
  • Talk to your staff and train them to perform at their best.

Most importantly, understand your compliance requirements. A compliance audit is by no means easy, but building your business around those requirements will make it less problematic. If in doubt, get a pre-compliance audit checklist and make sure that you have all of the requirements in place.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisations using the principles of Technology, Management, Adaptability and Compliance.