Best Practices: Meeting Compliance Challenges

What You'll Need to Achieve Compliance: Best Practices

Regardless of the particular regulations and standards affecting your business, you can start by adopting several best practices as a starting point:

• Get legal advice about what regulations your business is subject to and what you need to do to ensure compliance.
• Figure out what kind of -- and how much -- risk your business can handle, and prioritize the risks and vulnerabilities in need of remediation.
• Create an information security policy for your business and document it.
• Make sure this policy appropriately assigns responsibility for information security and determines how security events should be reported and documented.
• Establish business continuity management procedures and systems.
• Protect your operational data and your business records -- this includes restricting access to it and backing it up so that you copies should originals become corrupted or lost.
• Create and enforce an email policy that specifies what employees can and cannot send.
• Protect the privacy of the personal information your data contains.
• Adhere to rules concerning intellectual property rights.
• Ensure that your employees are trained about information security issues such as protecting passwords and recognizing scams.

The Technologies that Can Help You

Several types of technologies are critical to achieving compliance:

• Security software will protect your business against errors (accounting-based and otherwise) or malicious acts. These programs include authentication, encryption, antispyware, and per-user passwords.
• Data storage and backup/recovery systems will help you get on-demand access to business information and maintain accurate historical data that's easy to retrieve when required.
• An up-to-date communications infrastructure will enable your business to support realtime collaboration and data access both within your business and with partners, suppliers, and regulators. This includes company-wide local area networks (LANs) as well as broadband wide area networks (WANs) for inter-company activities; PC migration tools to ease transfer of data between disparate desktop systems; and accurate and timely reporting software.