Following some work with a new client, I found myself offering some basic but important tips on managing their policies and controls effectively, in alignment with their legal and regulatory frameworks.
I would like to share the top four with you:
#1 Link policies to controls, and controls to framework articles
- As we all know, managing compliance is complex, if not difficult. Just consider everything you have to prove compliance with:
  - Laws and regulations
  - Regulators' rules and expectations
  - Best-practice standards, both international and professional
  - Your own policies and procedures
- Some policies relate to multiple controls, or directly to articles, and they can be linked across multiple frameworks. They should therefore be maintained as an inter-linked set of procedures rather than as isolated documents.
- Reports are needed that show the level of coverage, so you know which articles have controls and policies in place and which do not.
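The coverage report described above, as an added example that is not the client's tooling or any product's code: the framework articles, control and policy names are constructed placeholders, and the shape of the links (policies to controls, controls to articles, policies directly to articles, across two frameworks) follows the tip.

```python
"""Coverage report over an inter-linked set of articles, controls and policies.
Added example with constructed data; article and control identifiers are assumed."""

# Framework articles that need evidence (constructed sample).
ARTICLES = {
    "GDPR": ["Art.5", "Art.30", "Art.32", "Art.33"],
    "ISO27001": ["A.5.1", "A.8.2", "A.8.15"],
}

# Controls map to articles, many-to-many and across frameworks.
CONTROLS = {
    "CTL-ACCESS": {"GDPR": ["Art.32"], "ISO27001": ["A.8.2"]},
    "CTL-LOGGING": {"GDPR": ["Art.32"], "ISO27001": ["A.8.15"]},
    "CTL-RECORDS": {"GDPR": ["Art.30"]},  # control exists, no policy backs it
}

# Policies map to controls, or directly to articles.
POLICIES = {
    "POL-ACCESS": {"controls": ["CTL-ACCESS"], "articles": {}},
    "POL-SECURITY": {"controls": ["CTL-LOGGING"], "articles": {"ISO27001": ["A.5.1"]}},
}


def _link(report, fw, article, kind, name):
    """Record that `name` (a control or policy) covers `article`; reject dangling links."""
    if fw not in report or article not in report[fw]:
        raise ValueError(f"{name} references unknown article {fw} {article}")
    report[fw][article][kind].add(name)


def coverage_report(articles, controls, policies):
    """Return {framework: {article: {"controls": set(), "policies": set()}}}."""
    report = {fw: {a: {"controls": set(), "policies": set()} for a in arts}
              for fw, arts in articles.items()}
    for ctl, mapping in controls.items():
        for fw, arts in mapping.items():
            for a in arts:
                _link(report, fw, a, "controls", ctl)
    for pol, links in policies.items():
        for ctl in links["controls"]:  # policy covers every article its controls cover
            for fw, arts in controls[ctl].items():
                for a in arts:
                    _link(report, fw, a, "policies", pol)
        for fw, arts in links["articles"].items():  # direct policy-to-article links
            for a in arts:
                _link(report, fw, a, "policies", pol)
    return report


def gaps(report):
    """Articles missing a control or a policy: the items an auditor will ask about first."""
    return sorted((fw, a) for fw, arts in report.items()
                  for a, links in arts.items()
                  if not links["controls"] or not links["policies"])
```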
#2 Stop using a document-based approach (Word/Excel)
- A document-based process is riddled with potential issues. With so many standards, frameworks, requirements and team members, it very quickly becomes impossible to know which content is the most up to date when the auditors arrive.
- A document-based approach introduces a significant element of risk into the process, as well as adding an unnecessary level of administration and inefficiency to an already busy team.
#3 Centralized location for all compliance project information
- Putting all individual articles, controls and policies in one location makes the data accessible to all stakeholders, irrespective of where they are. People can collaborate seamlessly without version-control issues, which improves overall efficiency and enables your team to get more done with higher levels of accuracy.
#4 Enable your team to collaborate on policies at a granular level
- Storing each compliance element as a record that can be updated, commented on, controlled and audited individually is a key step in the process. This means you always know what changed, when, and by whom, so you can trace any issue or question back to its source.