Following the Regulatory Beat: Continuous Compliance

Posted On:   March 11, 2016

Following the Regulatory Beat: Continuous Compliance

More and more industry standards and regulations promote or even mandate that organizations apply the concept of “continuous compliance”. Continuous compliance includes the reconciliation of assets and automation of data classification, alignment of technical controls, automation of compliance testing, deployment of assessment surveys, and automation of data consolidation. This approach can not only increase an organization’s compliance posture, but also its security efficacy. However, there are some real technological challenges to overcome. So how can organizations achieve continuous compliance and take advantage of the benefits of leveraging a common control framework?

The number of regulations that affect average organizations can easily exceed a dozen or more, and grow more complex by the day. This is forcing most companies to dedicate an inordinate amount of resources to governance and compliance efforts – often, in addition to a lengthy list of existing IT priorities. This typically results in a mad dash, in the months leading up to the annual audit; spent gathering the data needed just to meet the auditor’s requirements. As a result, it’s not surprising that according to a Verizon Payment Card Industry Report, for PCI DSS, compliance levels drop to 18% within just 60 days of certification.

Continuous ComplianceIn today’s threat-driven environment the bitter truth is that one can schedule an audit, but one cannot schedule a cyber-attack. This has led many industry standard bodies (e.g., Payment Card Industry) and government regulators (e.g., Office of the Comptroller of the Currency, SEC) to change their approach and incorporate the concept of continuous compliance into their regulations. These renewed guidelines encourage organizations to find ways to streamline governance processes, continuously monitor compliance and their security posture, and correlate it to business criticality. By doing so, businesses can create a closed-loop process that encompasses the definition, evaluation, remediation and analysis of an organization’s risk posture on an ongoing basis.

This article was originally posted on securityweek.com.

What our Clients are Saying
  • We at Hunter's Sales, Inc. have been doing business with US Safety and Risk Management for over eleven years. You cannot find a more professional, reliable company to handle your safety and compliance needs. W. Randall Davis goes the extra mile to be reachable twenty-four hours a day in case of any type emergency. We highly recommend US Safety and Risk Management.
    Becky Hughes
    Hunter's Sales, Inc. | General Manager
  • For the past 12 years, Mr. Randall Davis has served as a direct extension of the EnviroSmart staff and a cornerstone to our success with regulatory compliance, environmental, health and safety performance. The services we routinely provide include the transportation and disposal of hazardous waste, heavy environmental remediation, and industrial cleaning services. Mr. Davis remains an available resource to validate and advise on complex matters, bringing our team the confidence to march forward with superior services to our clients. He is by far the most experienced and educated trainer that we have ever worked with, and is always available at a moments notice. Our safety culture at EnviroSmart is the number one priority and Mr. Davis is a true leader in educating our Team in not only “how” to approach complex situations, but “why” the risks and regulations are present in the first place. The biggest distinction with Mr. Davis from other consultants is that he “Educates” rather than simply giving a training session. There is no dollar that can replace the value he brings to our organization.
    Michael Costa
    EnviroSmart | Director of Operations, REM, CFCM
  • When an experienced safety consultant is needed, call US Safety and Risk Management. W. Randall Davis has just about seen it all. He makes safety training a great learning experience by relating real stories over his many years of experience.
    Gary Cantrell
    Dulany Industries | Project & Maintenance Manager
  • US Safety and Risk Management has been our guiding light in dealing with many highly complicated challenges in environmental compliance, hazardous waste transportation, and personnel safety at our plant. Mr. Davis has represented us in formal hearings and did an excellent job in reducing fines and penalties from the regulators. We highly recommend his services.
    M. L. Wilson
    Spartan Industries | President
  • US Safety and Risk Management provided the guidance we needed for a complete OSHA training program, and facility security recommendations for the airport. Randall Davis, USSARM, conducted onsite training for our managers and employees. He exceeded our expectations with a broad range of superior expertise, and was flexible to our needs to insure complete customer service in every way. I highly recommend this company for training and trouble-shooting in complex and demanding environments such as ours. The IBEX training system is awesome. Our people retained more of the information and willingly participated in the training event like never before. These guys are the real deal.
    Josh Hite
    Columbia Airport | Operations Manager
  • For over ten years US Safety and Risk Management has provided us with insightful and relevant RCRA and DOT training. More importantly for us, Mr. Davis has helped us apply these regulations and navigate through our liabilities safely and profitably.
    Jamie Lynch, CHMM
    EMES, LLC | President
  • For approximately 2 years, US Safety and Risk Management was instrumental in providing education on environmental science to increase our knowledge in recognition and fighting pollution causes in the Savannah River. I am grateful for the many discussions and their passion for a clean and healthful water environment. Mr. Davis worked with the Georgia Ports Authority for many years, and in other areas that involve contributions to environmental safety and forensic science. We are very passionate about the cleanliness of the Savannah River and greatly appreciative of his work. US Safety and Risk Management is known to be a company with integrity, very hard working, knowledgeable, and honest.
    Deena Camacho
    Savannah Riverkeepers | Board Member & Secretary
  • US Safety and Risk Management has been a sustaining resource for our company for many years. They have provided guidance to our company on regulatory issues, across a broad spectrum of disciplines. We've always found their expertise to meet our many diverse needs.
    K. Glover
    Seagate Handling Company | Assistant Vice President
  • Safety training is usually boring. Randall has a way and knowledge to keep it interesting. In all the trainings I have been in with Randall I never dose off and I remembered what the training was about. If I could choose a Safety Director I would recommend Randall over them all.
    Charlie Rice
    Southern States Chemical | Supervisor
  • "Throughout my HSE career, I have relied on Mr. W.R. Davis, USSARM, for employee training, and as a professional consultant. His extensive real-world experience and easy-going personality make his training entertaining and memorable (IBEX Training System). His depth of knowledge on regulatory, environmental and safety issues make him an invaluable resource. I hope to continue working with Mr. Davis for years to come.
    Josh Muller, J.D.
    Nanotherapeutics | EHS Senior Manager
Safety and Risk Management Experts

11 Reflection Cove Court
Hilton Head Island, SC 29926
912.659.1421
CONTACT US