Compliance

From MgmtWiki

Full Title or Meme

Conformity in fulfilling official requirements.

Context

Humor from the New Yorker[1]

Q: I am pursuing due diligence regarding the accepted best practices having to do with theft. When I’m stealing parts from my neighbor’s car, how do I remain fully compliant and not go outside the bounds of the law?
A: Let me answer your question with a question: Have you been caught? If not, for all practical purposes you are in compliance.

Problems

  • Compliance is relative. It is best to understand the context in which compliance is claimed.
  • Health insurer Anthem announced in September 2013 that it had been certified as compliant with the HITRUST Common Security Framework. Then it revealed in February 2015 that it had fallen victim to a breach that exposed data on nearly 79 million individuals. And in a report released last week, federal regulators said the cyberattackers likely began their intrusions in February 2014, about five months after the insurer achieved HITRUST certification.[2]

Solutions

  • For compliance to have any real meaning for users, it must be accompanied by an ongoing Risk Assessment by those who are expert in the field.

See these wiki pages:

References

  1. Ian Frazier, Shouts and Murmurs. (2018-10-22) The New Yorker https://www.newyorker.com/magazine/2018/10/22/ask-the-compliance-expert?mbid=nl_Daily%20101518&CNDID=42580115
  2. Marianne Kolbasuk McGee, Analysis: Did Anthem's Security 'Certification' Have Value? Bank Info Security https://www.bankinfosecurity.com/analysis-did-anthems-security-certification-have-value-a-11634
  • Merriam-Webster, 3rd ed.