Ask the Expert: How Can I Show I’m Compliant With Regulations?

When it comes to compliance, many organizations struggle. There are several regulatory agencies, and depending on your industry, market, geographical area, or mission, your organization may be required to prove compliance with more than one set of regulations.

That’s difficult enough, but regulations often change, and that can be hard to keep up with. Yet, if your organization falls out of compliance, you could be subject to fines or other sanctions. For this reason, we often hear from business owners who need an easy way to track and prove compliance.

We believe assessments are key to proving compliance — but most businesses need to change their assessment process to track compliance effectively.

Learn more: Why narrative security assessments don’t work

Assessment & compliance: what organizations get wrong

When tracking compliance, many organizations do perform assessments, but they’re using their own in-house assessment tool – often an Excel spreadsheet. Or organizations call in consultants to take care of the assessment for them. In both cases, compliance tends to be assessed all at once, in one big audit.

There are pros and cons to each approach. You can save money by doing your own assessments, for example, and if you’re using a consultant you’ll have access to the expertise of a professional.

On the downside, neither approach scales well. Excel spreadsheets can become unwieldy if you’re evaluating several sites – it’s hard to track results in a spreadsheet, and they don’t offer you an actionable list of things that need to be done in order to get up to code. It’s also hard to catch up on compliance if you fall behind.

As for consultants, it can be costly to send consultants to several sites, particularly if you’re using a team and trying to get an assessment done in a hurry. This can also lead to inconsistencies — if all the consultants aren’t using the same questionnaire or checklist, it’s likely you’ll get different results for every site.

Learn more: What You Don’t Know About Area-Based Assessments

Why compliance should be assessed every day

Compliance is a lot like doing the dishes. You need to be compliant with regulations every day, just like you need to eat off clean dishes every day. If you let your compliance go until the last minute, it’s like letting dishes pile up in the sink until you can’t ignore them anymore — you end up with a big, intimidating project.

My biggest advice to any business managing compliance is to evaluate it regularly; daily or weekly. Tackle a few small things every day, and invest in a tool that lets you easily monitor your compliance, and which keeps you up to date with changing regulations and rules. If the regulations you need to keep up with are complex, form a compliance committee that will help you keep on top of compliance.

By keeping up with compliance, you can avoid fines and keep your organization safe and secure.

Need help keeping up with compliance? Schedule your personalized demo today.

About the Author

Daniel Young

Founder & Chief Innovation Officer

Daniel has been a security and risk advisor for more than 10 years, and is passionate about helping companies to better understand their risks to undesirable events on a daily basis. Dan previously served as the Regional Bioterrorism Coordinator for District 1 in Michigan, where he was instrumental in preparing communities for catastrophic incidents. He has also acted as the Private Security Liaison for the City of Lansing’s Critical Infrastructure Team, which identified and documented deficiencies in the city’s critical infrastructure.

He is a Co-Founder of the CSO Risk Council, a think tank of seasoned security professionals and thought leaders with extensive experience in managing the physical security and risks of large enterprises consisting of multiple sites and whose mission is to create a better process to develop and share innovative solutions and pertinent information with organizations to improve safety and security risk by providing a forum to discuss best practices and recommendations for specific risk scenarios and to network with other enterprise security professionals.