Edition e1.0.0
Updated October 9, 2023

Before we dig into how to achieve and maintain compliance, we really need to be clear about what compliance means and why it matters.
Definition: Compliance schemes are systems of controls and requirements defined by a governing or regulatory body to achieve a certain aim. For the most part, compliance schemes aim to protect something. That something might be the health and safety of people in and around your organization; the quality, reputation, and prestige of an industry; or the security of personally identifiable or financial information.
There are three main reasons why an organization will pursue compliance with a particular scheme:
Legal regulations and the law. They may be required to meet a certain compliance standard based on the laws of the country or territory in which they operate. Not meeting compliance requirements will often mean that the law has been broken and company directors will be liable. Health and safety law is a typical example of this.
Controlled industries. There may be one or more compliance standards linked to the industry in which you operate or the way you conduct business. Financial regulations are an example: in order to operate in specific financial markets and roles, you must achieve and maintain compliance with national or international financial regulations. On a smaller scale, companies that process or take payment on credit cards are held to a smaller but no less important standard, the Payment Card Industry Data Security Standard (PCI DSS).
Optional compliance standards. Finally, there are optional compliance standards. These are standards that have been developed and defined by independent (often international) bodies, and aim to improve quality, consistency, and process across an industry or element of business operations. Organizations do not have to comply with these standards or work to achieve them, but there may be benefits in choosing to do so.
Important: Voluntary international security standards such as the ISO 27000 series are often seen as a benchmark for a healthy and mature information security program. Companies may choose to achieve this compliance certification as a benchmark they can share with partners and customers. This may be used for marketing purposes or simply to speed up the customer due diligence process when selling to larger enterprises.
The following are common schemes you may encounter, with resources for further information.
Governs the safe storage and processing of credit card information. This standard applies to all companies that process and handle credit card payments.