Legal, Governance & Compliance
Seems like every week, there’s some regulatory compliance that we have to adhere to, or our organizations are asked to “prove” that our internal security meets some type of compliance standard (HIPAA, GDPR, 21CFR, PCI, etc.) in order for us to do business, get business insurance renewed, etc.
CCO helps organizations understand what tools, technologies, solutions, and options are available to them in addressing the various compliance regulations, and rolls its sleeves up to get organizations in line with the required compliance standards.
To better understand how this has worked in the past, here’s an example of the services CCO provided to a customer a few months ago…
Background: One of CCO’s longtime customers is an engineering consulting firm with offices around the world. For every client they do business with these days, there comes an onboarding process and contract that requires a security and compliance checklist querying whether the firm has security policies, performs audits, meets the standards, and complies with various compliance regulations.
CCO’s Involvement: CCO’s consultants have written books on security and compliance, and for years have built expertise and best practices in addressing the various compliance and regulatory standards in front of organizations.
CCO’s Solution: CCO met with the organization’s I.T. team to understand the request they were getting from their legal and compliance office. This meeting led to a direct meeting with those in Risk Management to best understand the needs and expectations of the compliance team, what existing policies and legal standards exist in the organization, and an opportunity for CCO to share with the legal and I.T. teams how other organizations are addressing the various regulatory standards and cybersecurity requests and requirements.
CCO’s consultants took the requirements of legal, compliance, and I.T. and quickly built a roadmap that addresses security from critical identity and information access, through data classification and data access, to content collaboration and sharing (both internal and external), to logging and reporting as deemed necessary to provide to external auditors. Many of the tools and technologies are built into the products and services the organization already uses (like Microsoft’s Office 365, or Oracle Cloud, or Windows and Mac systems); however, CCO leveraged years of consolidating and documenting this information to accelerate the timeframe in which the organization could meet the requirements of their Risk Management team and auditors.
The End Result: CCO’s knowledge and experience in the area of legal, governance, and compliance, along with hands-on expertise in technologies, help organizations get to a working solution based on best practices CCO has developed and implemented in many organizations around the globe!