How do I identify and track the regulations which impact my business?

Choose an Authoritative Data Source
Many organizations struggle with how to go about identifying the universe of regulations which could potentially impact the business. While there is no authoritative, comprehensive source, organizations should start with the best available. For security and privacy-related regulations, the best is undoubtedly the Unified Compliance Framework (UCF). The UCF covers nearly 500 global regulations, giving organizations a great starting point for identifying the regulations with which they must comply.
TruArx can help organizations through TruComply, its IT governance, risk and compliance (IT GRC) software-as-a-service solution, and through Managed Compliance and Risk Services. For organizations who intend to identify and track compliance internally, TruComply provides a great foundation, including the UCF as a feature. For organizations who would like to outsource this process, TruArx’ Managed Compliance and Risk Services provide a comprehensive compliance management solution.
Identify Applicable Regulations
The next step is to conduct regulatory research to identify applicable standards based on common factors such as where your organization conducts business, what type of data it collects, how data is utilized, and so on. If this is the first time your organization has attempted to systematically identify regulatory requirements, the process will require interviewing stakeholders across the business including operational managers, IT, and legal.
For organizations who intend to identify and track compliance internally, TruComply provides access to the UCF and its reference links to applicable standards. For organizations who would like to outsource this process, as part of TruArx’ Managed Compliance and Risk Services, a TruArx consultant will handle all aspects of the research process, including interviews and preparation of report deliverables.
Establish a Comprehensive Common Control Framework
Knowing what regulatory standards apply to the organization does not accomplish much without understanding what controls these standards require and going through the exercise to create a harmonized, comprehensive checklist. One of the primary benefits of using the Unified Compliance Framework is that this tedious control identification and mapping work has already been done for you.
TruComply automates this process entirely. Clients can select applicable standards/regulations and supplement them with any internally defined controls to create their organization’s control framework. With a few clicks, the organization can establish a control framework covering all applicable regulatory requirements. An integral part of TruArx’ Managed Compliance and Risk Services is establishing and maintaining an organization’s control framework.
Monitor External and Internal Changes
A one-time exercise to identify applicable standards and regulations is not enough. Your organization may open an office in a new state or country, launch a customer loyalty program that collects PII, or start accepting credit cards, to name a few actions that could bring new regulations into play. Likewise, regulations and their interpretation evolve over time, so what is sufficient for compliance today may be unacceptable tomorrow.
TruComply automates external compliance monitoring. TruComply’s standards and controls are significantly updated quarterly. Thus, your control framework is updated and remains current without any time-consuming analysis and manual updates. To preserve historical data integrity and enable you to easily identify changes, all controls and associated audit questions are versioned. Since no application can be aware of every change in a business which may impact compliance, we recommend a periodic internal review to identify any changes which may bring new regulations to bear or expand the scope of business processes and assets which must be compliant. TruArx’ Managed Compliance and Risk Services also include a comprehensive annual regulatory assessment as well as less formal quarterly reviews.
