< 1 >
Compliance Challenges for organizations contracting with
the Federal Government
Robert Klotz, VP of Technology at Akibia
< 2 >
Statistics
Today
200 mandates and regulatory laws
80 in the states and territories alone
119 federal
1 corporate
2500+ controls
85% overlap
Most have monetary fines
ALL have disclosure requirements
Tomorrow
Growing at a rate of 10% per year
Mandates and regulations often change
< 3 >
What is the Goal of Compliance?
To Protect the rights of the individual
To protect and secure PII (Personally Identifiable information)
To instill confidence in the consumer
To educate the market on the need for controls
< 4 >
Most applicable to this group
FISMA: Federal Information Security Management Act
< 5 >
Most applicable to this group
The state and territorial mandates where we are doing business (49):
Alaska, Arizona, Alabama, Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Puerto Rico, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Virgin Islands, Washington, West Virginia, Wisconsin, Wyoming
< 6 >
Most applicable to this group
PCI DSS: corporate requirement for those accepting credit cards as payment, regardless of whether processing is outsourced or not
SOX: for publicly traded companies
HIPAA: if you are providing employees medical insurance or working with hospitals
< 7 >
Why is it not Working?
Companies focus on the check box rather than the foundation
Companies manage compliance as a project rather than a process
Companies are knee jerk in how they approach compliance
Compliance is often driven at the wrong levels within the organization
Compliance has become a hindrance to doing business
< 8 >
What does this mean?
It all boils down to risk: for the business, for the consumer, for the Government
It really is straightforward: protect the assets of the business, and by default we will find ourselves in compliance
< 9 >
How do we do that?
Number one priority: manage compliance as a process and not a project
It is a cost of doing business which will not go away and will continue to grow in complexity
Incorporate it into the day-to-day running of the organization
< 10 >
How do we do that?
Discover where we are weak: where does the data reside? What are we doing today?
Start with what you have: our employees are already doing something; document and leverage this
Document the scope of access to PII
Identify the overlap in the controls
< 11 >
How do we do that?
Next steps
Identify the risk of NOT doing things to satisfy compliance
Create a GAP analysis of where you are and where you need to be to satisfy cross compliance
Monitor and document where you are throughout the year
At a bare minimum, assign an individual within the company to stay on top of this process
Educate
Enforce
Utilize a 3rd party where possible
< 12 >
How do we do that?
Ongoing
Identify change: regulatory and business
Assess the gaps
Simplify process
Identify overlap
Deliver ongoing training
Repeat
< 13 >
A Model of Success
[Diagram: Governance, Risk, and Compliance Methodology. Axes: RISK vs TIME. Stages: Discover, Monitor, Educate, Enforce, applied to Sensitive Data, User Activity, End Users, and Policy and Security. The model moves from Understand Risk to Reduce Risk.]
< 14 >
In Summary
Start with what you are doing today
Compliance seems daunting, but it's not if you incorporate it as a process
Compliance mandates continue to grow and change
Compliance was designed to make sure companies are taking care of PII
Compliance boils down to risk for the business
Create a sustainable, repeatable process across compliance mandates which becomes a part of doing business
Follow: DISCOVER, MONITOR, EDUCATE, ENFORCE