Background
Compliance Issues and Needs
In general, compliance means adherence to a set of generally accepted principles, which provide broad, goal-oriented direction. Regulations usually refer to a set of standards, which then say what to do to comply. It is up to each organization to implement procedures, processes and technology in order to comply. Implementing this overall framework then requires awareness training for employees and a proactive audit or monitoring capability to ensure that compliance is indeed maintained. Most regulations require reporting the extent and nature of compliance.
A partial list of agencies and regulatory actions that impose compliance requirements:
- HIPAA - Health Insurance Portability and Accountability Act
- Sarbanes-Oxley - Public Company Accounting Reform and Investor Protection Act
- Gramm-Leach-Bliley - The Financial Modernization Act of 1999
- FERC - Federal Energy Regulatory Compliance
- FISMA - Federal Information Security Management Act
- EPA - Environmental Protection Agency
- FDA - Food and Drug Administration
- ATF - Alcohol, Tobacco and Firearms Department
- EEOC - Equal Employment Opportunity Commission
- NRC - Nuclear Regulatory Commission
- OSHA - Occupational Safety and Health Administration
- Patriot Act of 2001 - Provide Appropriate Tools Required to Intercept and Obstruct Terrorism
The question: How does a single corporation or entity create a structure to implement and manage compliance with disparate requirements?
Each organization affected by any federal, state or local law is responsible for compliance. The requirements vary by industry, by law and by the written words and subsequent interpretation of the relevant law. After each passage or revision, a phalanx of services, consultants, pontifications and “magic solutions” emerges to help the harassed and time-limited management of an affected organization. Many of these services are valuable and cost-effective, but often limited in terms of the overall compliance matrix. There are three critical elements for a complete and consistent approach to compliance implementation and management:
- People – it is the employees, vendors, service providers and customers who are essential to compliance.
- Process – people must operate within a policy framework, detailed standards and a replicable procedural environment.
- Technology – tools must be useful, cost-effective and appropriate, and must include the requisite metrics and tracking of both compliant and non-compliant actions.
Go to our Products and Services page to see our comprehensive approach to these issues.