Compliance
Latest revision as of 12:25, 5 March 2025
Full Title or Meme
Conformity in fulfilling official requirements.
Context
Humor from the New Yorker[1]
Q: I am pursuing due diligence regarding the accepted best practices having to do with theft. When I’m stealing parts from my neighbor’s car, how do I remain fully compliant and not go outside the bounds of the law?
A: Let me answer your question with a question: Have you been caught? If not, for all practical purposes you are in compliance.
Compliance: This refers to adhering to specific laws, regulations, or guidelines set by an external authority. Compliance is mandatory and involves following rules to avoid penalties or sanctions. For example, a company must comply with legal requirements such as data protection laws or environmental regulations.
Conformance: This refers to meeting the requirements of a particular standard or specification, which may be voluntary or required by contract. Conformance is more about following best practices and industry standards to ensure quality and consistency in products or services. For instance, a company might conform to ISO standards to demonstrate its commitment to quality management.
Problems
- Compliance is relative. It is best to understand the context in which Compliance is claimed.
- Health insurer Anthem announced in September 2013 that it had been certified as compliant with the HITRUST Common Security Framework. Then it revealed in February 2015 that it had fallen victim to a breach that exposed data on nearly 79 million individuals. And in a report released last week, federal regulators said the cyberattackers likely began their intrusions in February 2014, about five months after the insurer achieved HITRUST certification. [2]
Solutions
- For compliance to have any real meaning for users it must be accompanied by an on-going Risk Assessment by those who are expert in the field.
See these wiki pages:
- Trust
References
- ↑ Ian Frazier, Shouts and Murmurs. (2018-10-22) The New Yorker https://www.newyorker.com/magazine/2018/10/22/ask-the-compliance-expert?mbid=nl_Daily%20101518&CNDID=42580115
- ↑ Marianne Kolbasuk McGee, Analysis: Did Anthem's Security 'Certification' Have Value? Bank Info Security https://www.bankinfosecurity.com/analysis-did-anthems-security-certification-have-value-a-11634
- Merriam Webster 3rd