Many factors influence an organization’s decision to adopt compliance as a practice. Driving factors could be a law, such as GDPR or HIPAA, proof of due diligence for insurance, unique client requirements, raising efficacy and processes not only in security but also in operations, and even marketing and/or public relations initiatives to instill confidence in clients and partners.
This paper details the process for building a new compliance program and provides guidance on how analysts new to compliance can get up to speed on programs already in place. Common compliance frameworks and typical misconceptions about compliance are reviewed, and laws and best practices are defined.