Compliance Best Practices


10 Corporate Compliance Best Practices

Compliance is a major issue that organizations of all sizes need to address. In the information technology field, compliance issues range from inadvertent information disclosure to mechanized attacks on the core business infrastructure. To address these issues, world class organizations implement a set of best practices for their compliance programs. Janco has identified ten such best practices:

Compliance Process

  1. Board of Directors assumes compliance responsibility. The board makes it clear within the corporation and to shareholders that it is the body with ultimate authority of compliance success and failure.
  2. Management communicates its importance - Management states clear compliance goals that exceed legal minimums for the entire organization and designs a compliance program that can withstand a challenge by proactive class action attorneys.
  3. Management communicates its commitment to compliance - Management provides active support with resources, staff, and messaging.
  4. Management puts in place consequences for those who do not comply - Senior management conveys (through words and conduct) that employees who do not adhere to appropriate compliance standards will be held liable for their failure and that such failure will lead to meaningful sanctions, including loss of compensation, demotion, suspension or termination.
  5. Management looks beyond compliance - They establish compliance as a competitive advantage and utilize it as a long-term strategic and operational tool to improve the position of the company with its customers and in its market. Successful companies take the new standard and run with it. Those companies that take that approach ensure their customers receive clear disclosures and options about what information is being gathered and shared. With their own house in order, they might decide to inform others (regulators, journalists and perhaps customers) when competitors fall short.
  6. Makes the compliance message clear and simple - Successful companies understand that “compliance” means ensuring they are meeting (if not exceeding) all of their legal, regulatory and ethical obligations. They also are clear about who is in charge of each category of compliance.
  7. Communicates the compliance program and objectives to everyone - Set standards that state the compliance rule, the basis for the rule and provide examples of conduct that break the rules.
  8. Provides detailed policies, procedures, and backup with training - Include information as to where the compliance requirements can be obtained and how violations may be reported. A compliance program is only as good as its implementation. If employees don't know what is expected of them or don't know where to turn for help, there is a compliance violation.
  9. Integrates compliance with business operations - Companies with successful compliance programs focus on integrating those programs into the business processes and incentive structures of the company. One example is development activities. Rather than reaching the end of a development process and having a quick “compliance review,” successful companies embed compliance design within the process, so potential issues are identified and resolved early, with limited expense.
  10. Are prepared for a breach in compliance, with processes in place to address the violations - Understand that meeting compliance requirements is only the start. In many industries (the financial services, healthcare, and food & beverage industries), there are groups of extremely active plaintiffs' lawyers filing class action after class action, even for relatively minor technical violations. Have processes in place to mitigate violations and have staff available who know what the risks are and what to do.

Compliance Management Toolkit Versions

Janco offers a full range of tools to help enterprises of all sizes to address these issues. The Compliance Management kit provides the infrastructure tools

In addition to the Compliance Management White Paper, we provide the Compliance Management tool kit in three (3) versions: Silver, Gold, and Platinum.


Compliance Management White Paper
  • Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.

    The White Paper contains a table of mandated record retention periods and a list of all of the states and US possessions with their mandated notification requirements. Updated to include a discussion of GDPR and CaCPA requirements.

Compliance Management - Silver Edition

  • Compliance Management White Paper
  • Security Audit Program - fully editable -- Comes in MS EXCEL and PDF formats -- Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements -- Over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 39 separate task groupings including BYOD.
  • PCI Audit Program - Word and PDF
  • Job Descriptions (31 key positions) - Word Format - fully editable and PDF
    • Chief Compliance Officer (CCO), Director Electronic Commerce, Manager BYOD Support, Manager Internet - Intranet Activities, Manager Internet Systems, Manager Point of Sale, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, BYOD Support Specialist, e-Commerce Coordinator, e-Commerce Coordinator Senior, e-Commerce Specialist, Internet-Intranet Administrator, On-Line Transaction Processing Analyst, PCI-DSS Administrator, PCI-DSS Coordinator, POS Coordinator, POS Hardware Coordinator, POS Senior Coordinator, Record Management Coordinator, System Administrator - Linux, System Administrator - UNIX, System Administrator - Windows, Web Analyst, Web Site Designer, Webmaster, Wireless Coordinator, and Wi-Fi Administrator

Compliance Management - Gold Edition

  • Compliance Management White Paper
  • Security Audit Program
  • PCI Audit Program
  • Job Descriptions (31 key positions)
  • Record Classification and Management Policy - Word - Policy which complies with mandated US, EU, and ISO requirements
  • Privacy Compliance Policy that addresses the EU's GDPR and the latest California Consumer Privacy Act

Compliance Management - Platinum Edition

  • Compliance Management White Paper
  • Security Audit Program
  • PCI Audit Program
  • Job Descriptions (31 key positions)
  • Record Classification and Management
  • Privacy Compliance Policy that addresses the EU's GDPR and the latest California Consumer Privacy Act
  • Security Manual Template - Word - 240-plus packed pages which are usable as is. Over 3,000 companies worldwide have chosen this as the basis for their best practices to meet mandated US, EU and ISO requirements.
