Implementing a proper compliance procedure involves developing appropriate policies and procedures, as well as fostering a strong culture within an organisation.
That’s according to a new white paper from the Dublin-based data auditing firm PixAlert and Blue Provident, a provider of tools to gather insights from company employees.
The document, ‘Integrating and Combining the Strands of Compliance’, argues that the business case for adhering to data security regulations “has never been more compelling”, in light of increasing instances of data breaches on one hand and a raft of different compliance rules on the other.
“Senior executives are under increased scrutiny not only from regulators, but also from customers, clients, stockholders and business partners to ensure security controls exist to address compliance through good governance and regulation,” said PixAlert’s CEO Gerard Curtin.
He advised taking an integrated approach to implementing a proper regulatory compliance framework and said this must involve developing and auditing policies and procedures, and developing a strong compliance culture within an organisation.
“Breaches result from failings in a combination of people, process and technology, highlighting the importance of investing and focusing on all key components. It is now widely accepted that compliance is not solely achieved by spending money on technology and can only be reached through good process, robust policies and effective end-user security awareness,” the report states.
PixAlert and Blue Provident recently worked on a joint project. Curtin said this showed how two different but pragmatic strands of security could combine. This involved taking a collaborative approach to achieving compliance by understanding organisational behaviour and culture, and by gaining clear insight into the nature, location and value of critical data assets through auditing procedures.
A culture of continuous risk management should use best practice when dealing with people and procedures. This can be achieved through auditing an organisation’s people – to ensure an efficient compliance culture is being adopted – and auditing data security to measure the effectiveness of policies and procedures.
“By helping organisations understand their compliance culture and through identifying unsecured data at risk it raises the corporate discussion on how best to tackle compliance, initiating a more proactive and inclusive approach to security and enabling a more protected environment,” said Curtin.