by Angela Guess
Stephen McGraw, president and CEO of Compliance 360, recently shared his insights on incorporating a compliance program into any company’s data governance strategy. The article asks, “What elements will regulators consider when determining whether a compliance program is effective? A good program starts with a firm understanding of the laws and regulations that apply to the business, says McGraw. All applicable laws and regulations should be kept in one location, and every company should have a point person who is designated to be held accountable for them. ‘The first set of controls are usually policies and procedures,’ McGraw says. They ‘should be written and should be reviewed on at least an annual basis.’”
It continues, “McGraw points out that as with policies and procedures, companies should designate someone to be accountable for documenting any failures of controls, and those failures should be put through a corrective action plan. ‘If there is a failing of a control or a concern during an assessment, that should be noted,’ he says. McGraw says that ‘by tracking all of that information, and by understanding the volume of laws, regulations, policies, and procedures—even incidences and issues that come through,’ companies can have a data set should they need to prove compliance to a regulator. McGraw says, ‘It’s one thing to say that you have a compliance program, but it’s another thing to demonstrate that you have one.’”
photo credit: Compliance 360