07 Jun Why Compliance Makes for Good Business
Millions of companies fall under specific industry IT security and privacy regulations such as PCI, HIPAA and GDPR. However, those not REQUIRED to be in compliance with these standards should act as if they are – being in compliance is good security and data privacy discipline.
There are many areas of liability and risk that come from not protecting data. You can be sued by customers or partners, run afoul of an increasing number of state and federal laws relating to data privacy and data breaches, be in violation of contracts, fail to meet industry or licensing requirements, or not live up to the terms of various insurance policies.
Compliance as a Business Enabler and Customer Confidence Booster
Instead of thinking of compliance as a bureaucratic and IT hassle that adds no value, think of compliance as a business enabler and positive influence. Good compliance reduces risk and creates a culture of ethics, fairness, corporate governance, and customer care.
With tight compliance, your client will have less to fear from fines, lawsuits, bad publicity from data breaches and data exposure, and state or federal prosecutions. At the same time, your client will gain the confidence of customers, prospects, partners, and investors.
Data Breach Laws Toughen
Government agencies at all levels have been beefing up data breach prevention and reporting laws that apply to all companies that have any private customer data, not just credit card information. In fact, the vast majority of states in the US legally mandate the protection of Personal Identification Information (PII). This data includes social security numbers, driver’s license numbers, birth dates, and bank and credit card information.
Under many of these laws, consumers can sue companies for failing to protect their information.
PII data is not just in customer databases and other obvious records systems. It also needs to be protected in spreadsheets, email and other messages, scanned images and paper documents. Likewise, PII data is held not just on corporate servers located on-site or in cloud databases. It also needs to be protected and managed on PCs and laptops, portable drives, smartphones and any other storage media.
This is done with layers of security such as firewalls and intrusion detection/prevention systems, modern operating systems, good patch and software update management, broad use of encryption, and of course, routine internal assessments and audits.
The Federal Trade Commission Steps in
The US Federal Trade Commission (FTC), which has jurisdiction across all 50 states and US territories, is another authority to worry about.
The FTC tends to get involved after a data breach that exposes consumer PII data, especially in wide-scale and highly public cases. In most cases, companies that do not take Due Care to prevent a breach and/or promptly report it face stiff penalties. In one recent incident, the FTC imposed a $10 million fine and $5 million in consumer redress fees on ChoicePoint.
Security and Compliance Assessments – Insurance and Peace of Mind
With the right solution, MSPs can both help their clients remain in compliance with key security and privacy regulatory standards, AND increase recurring service revenue at the same time. For example, RapidFire Tools has developed a comprehensive Compliance Process Automation platform called Audit Guru that gives MSPs a centralized web-based portal to manage compliance with a number of different standards across their client base.
The Audit Guru platform features a powerful, task-driven workflow automation engine that guides the MSP through the complex compliance process, literally step-by-step. It also automatically gathers much of the information the MSP needs directly from the clients’ networks and computers, and allows the clients to directly input any additional information that only they would know (e.g., roles of specific individuals and policy specifics). The system combines all of this information for the MSP, and automatically generates risk reports, management plans, policies and procedures documents, and ultimately evidence of compliance.
Learn more about Audit Guru.
For more details, read our white paper Expanding Your Service Offerings with Recurring IT Assessments.