Compliance means to conform by fulfilling requirements. In cybersecurity, compliance refers to fulfilling specific cybersecurity requirements outlined by a governing body. In other words, government organizations, committees, and regulatory boards develop requirements (together called standards) that define a baseline of cybersecurity controls. For example, a requirement might be that organizations MUST have password restrictions in place, such as minimum length, limits on reuse, and complexity rules.
A Compliance Officer or Compliance Manager is required to monitor all compliance standards that apply to an organization and ensure that their organization complies with them. Organizations must comply with each industry standard they fall under. For example, Canadian Blood Services stores personal information for each donor. This information is categorized as being a part of the health care industry and must follow PIPEDA (Personal Information Protection and Electronic Documents Act), which is specific to Canadian residents. If some donors are from the U.S., Canadian Blood Services would also have to adhere to HIPAA (Health Insurance Portability and Accountability Act). On top of those two standards, they also accept credit/debit card payments for donations, which means that they must also follow PCI (Payment Card Industry) standards.
Meeting all compliance obligations on a single audit does not mean an organization is secure. Passing a compliance audit only means that your business met its compliance objectives on that date. Compliance and cybersecurity are not a “one and done” exercise; both are dynamic processes. Compliance standards change often, and cybersecurity is ever-changing as well: what prevents a breach today may not work tomorrow. For this reason, it is critical to manage compliance and cybersecurity daily.
At the end of the day, recovering from a data breach extends beyond the financial burden. It can also ruin your company’s reputation and customers’ faith in your brand, especially if the breach was caused by a lack of compliance. To get help with managing your compliance and cybersecurity goals, contact Quick Intelligence.