Do not get caught in the compliance swamp

February 2013 Security Services & Risk Management

Bradley Janse van Rensburg
Bradley Janse van Rensburg

Companies increasingly find themselves caught in a compliance bind. There seems to be a wide and growing range of laws, standards, codes, accords and best practices with which it must – or should – comply. But how, and which ones?

“It is important for companies to focus on the right things when it comes to compliance,” says Bradley Janse van Rensburg, solutions design manager at ContinuitySA. “Without that focus, they can easily get lost in the compliance swamp.”

Based on his experience in this area, Janse van Rensburg offers some best practices to help companies create a robust compliance framework that supports their overall business strategies.

* Assign executive support. This should ideally be a board member with accountability for compliance.

* Create a risk, audit and compliance function. For a small company, this might be a two-days-a-month job for an existing staff member; for a large corporation it could be a distinct department supported by a variety of independent committees. This function’s mandate should include a direct line to the board should the normal chain of command need to be bypassed.

* Confirm and document the regulations with which the company must comply. The company’s size and the industry in which it operates will have a bearing on the applicable laws and regulations to which it must comply. In addition, there may well be standards with which it wants to comply in order, for example, to gain competitive advantage, increase its resilience or reduce its insurance premiums.

The exact terms of each regulation or standard need to be taken into account – there is a world of difference between mandatory compliance and a recommendation.

* Develop an action plan. Having listed the ‘compliance components’, creating an action plan for achieving them is the logical next step. The action plan should include time frames.

* Measure, and report on, compliance regularly. Compliance is a not a once-off activity, and needs to be built into the day-to-day business processes and culture of the company. Various types of custom or off-the-shelf software can be used to automate parts of this maintenance process – but the primary need is to understand the management framework the software is supporting.

Measuring whether compliance has in fact generated the expected benefits is also an exercise that must be undertaken.

Over the long term, it is important to keep an eye on which regulations or standards are on the horizon, and, says Janse van Rensburg, to play an active role in shaping them.

“Once you have the framework in place, it is clear that the most important activity is to understand why you are complying with anything – that will help you to understand each one’s relative importance and so the resources you need to assign to it, and the benefits you need to measure,” he concludes.

For more information contact ContinuitySA, +27 (0)11 554 8050, cindy.bodenstein@continuitysa.co.za, www.continuitysa.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Vodacom and SAPS launch MySAPS mobile app
October 2019 , Security Services & Risk Management
Vodacom, in partnership with the South African Police Service, will empower citizens to contribute to their own safety as well as the safety of their communities through the newly launched MySAPS app.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Drones improve risk management
October 2019 , Security Services & Risk Management
Indwe embraces drone technology to help improve risk management and optimise insurance.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
Edwards Public Address & Voice Alarm System
October 2019 , Security Services & Risk Management, Products
Carrier has added the Public Address & Voice Alarm (PAVA) range to its fire product offerings.

Read more...
ContinuitySA offers ISO 22301 Lead Implementer course
October 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is once again offer its five-day Certified ISO 22301 Lead Implementer course on 18-22 November 2019 at the company's Midrand facility.

Read more...
Preparing your data for PoPI
September 2019 , IT infrastructure, Security Services & Risk Management
When it comes to protecting any information, the way data is secured across the value chain needs to be addressed.

Read more...