Managing Compliance in the Operations Environment
Compliance in the operations world is usually driven by some combination of acronyms and the technical and operational requirements they imply. In the government space, it may mean FISMA, DIACAP; and in the commercial space, we are most familiar with PCI, HIPAA, SOX. In an environment such as Carpathia Hosting where we have a wide variety of both commercial and federal customers, our operations organization has to be able to support our clients compliance requirements, whatever acronym they have to use.
In our experience - as confusing as meeting a single acronym can be - running an organization that has to meet and understand all of them presents a distinct set of challenges that we have worked to overcome. I’ve outlined some of these challenges below.
Ineffective and inefficient processes
Much of the work related to compliance should be routine and ingrained into the culture of the organization. This is where effective and efficient processes are critical. Complicated steps, or poor documentation, can lead to missteps and can cause unnecessary work for teams and auditors, forcing them to play “catch up”. Carpathia has spent the past 10 years refining our processes, which translates into much more efficient audits, often allowing auditors to complete their work in a matter of hours rather than weeks.
Poor communication of roles and responsibilities, internally and externally
Processes that encourage communication in clear terms are critical to meeting compliance requirements. Where teams are uncertain of their role in compliance, unclear on how to hand off information to other teams, and uncertain of customer requirements, there are bound to be items that get missed, causing poor audit results and potentially the loss of ATO, fines or even imprisonment. At Carpathia, we have developed clear roles and responsibilities, as well as efficient internal handoffs. In addition, frequent and structured communication with our clients has allowed us to clearly provide our customers with the information, reporting, and data they need to successfully meet their requirements
Poor or incomplete tool set
Tools that facilitate process and communication are vital to supporting the compliance effort. Poor integration of disparate tools will lead to confusion, wasted time and potentially missing critical data. As systems become more and more complex, data requirements are constantly changing, usually forcing new data points to be captured, stored and reported against. At Carpathia, we have a clear strategy to buy best of breed tools where possible, and build where there is nothing that provides the data and integration our customers demand.
If appropriate investments are made in process, communication and tools, much of compliance can become second nature. Here at Carpathia, we’ve made those investments throughout our operations organization over the past 10 years so our customers don’t have to.
[ Authors ]
- Jon Greaves (44)
- Brian Winter (2)
- Carpathia Hosting (15)
- Paul Roberts (3)
- Teejay Riedl (5)
- Tim Burke (1)
- Rich Thompson (2)
[ Categories ]
[ Archives ]
Archives
- April 2012
- March 2012
- February 2012
- December 2011
- October 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- February 2010
- January 2010
- December 2009
- November 2009
- September 2009
- August 2009
- June 2009
- May 2009
- March 2009
- January 2009
- January 2008
Write a comment
Posts: 2
Reply #2 on : Sun April 08, 2012, 00:07:47
Posts: 2
Reply #1 on : Fri April 06, 2012, 22:01:40