Do not get caught in the compliance swamp

February 2013 Security Services & Risk Management

Bradley Janse van Rensburg
Bradley Janse van Rensburg

Companies increasingly find themselves caught in a compliance bind. There seems to be a wide and growing range of laws, standards, codes, accords and best practices with which it must – or should – comply. But how, and which ones?

“It is important for companies to focus on the right things when it comes to compliance,” says Bradley Janse van Rensburg, solutions design manager at ContinuitySA. “Without that focus, they can easily get lost in the compliance swamp.”

Based on his experience in this area, Janse van Rensburg offers some best practices to help companies create a robust compliance framework that supports their overall business strategies.

* Assign executive support. This should ideally be a board member with accountability for compliance.

* Create a risk, audit and compliance function. For a small company, this might be a two-days-a-month job for an existing staff member; for a large corporation it could be a distinct department supported by a variety of independent committees. This function’s mandate should include a direct line to the board should the normal chain of command need to be bypassed.

* Confirm and document the regulations with which the company must comply. The company’s size and the industry in which it operates will have a bearing on the applicable laws and regulations to which it must comply. In addition, there may well be standards with which it wants to comply in order, for example, to gain competitive advantage, increase its resilience or reduce its insurance premiums.

The exact terms of each regulation or standard need to be taken into account – there is a world of difference between mandatory compliance and a recommendation.

* Develop an action plan. Having listed the ‘compliance components’, creating an action plan for achieving them is the logical next step. The action plan should include time frames.

* Measure, and report on, compliance regularly. Compliance is a not a once-off activity, and needs to be built into the day-to-day business processes and culture of the company. Various types of custom or off-the-shelf software can be used to automate parts of this maintenance process – but the primary need is to understand the management framework the software is supporting.

Measuring whether compliance has in fact generated the expected benefits is also an exercise that must be undertaken.

Over the long term, it is important to keep an eye on which regulations or standards are on the horizon, and, says Janse van Rensburg, to play an active role in shaping them.

“Once you have the framework in place, it is clear that the most important activity is to understand why you are complying with anything – that will help you to understand each one’s relative importance and so the resources you need to assign to it, and the benefits you need to measure,” he concludes.

For more information contact ContinuitySA, +27 (0)11 554 8050,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Convergence of cyber and physical security
Integrated Solutions Security Services & Risk Management
The overlap between cybersecurity and physical security will necessitate the integration of cyber and physical security in order to enable the sharing of events to the same security operations centre.

Reduce electrical risks in commercial and industrial buildings
Security Services & Risk Management
Eaton’s new whitepaper aims to help professionals reduce electrical risks in commercial and industrial buildings and prevent faults that can endanger workers, damage property and disrupt business continuity.

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Security is like infinity
Alwinco Security Services & Risk Management
Security needs constant attention, dedication and input. The scary thing is that most people think that security is something that you buy, install, and then forget about.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.