Applied G2

Compliance Strategy

The flexibility required of an organization’s processes, talent and infrastructure to support a specific growth strategy is often characterized by high-intensity, short-duration projects that are not always accurately matched to the skills of existing full-time employees. Specialized skills combined with an objective view of the steps that need to be completed to accelerate a growth transition can often be more cost-effectively handled by external subject matter experts.

Each type of growth strategy introduces challenges for employees, evolving business processes, and IT & Security infrastructures as they relate to risk management, regulatory compliance and corporate governance mandates. Members of the AppliedG2 team have spent the last two decades helping clients understand the relationship of these elements so they can safely design the supporting infrastructure to achieve the financial returns expected. Determining the value of an organization’s data & physical assets, determining the amount of protection provided by the current operating environment, and being able to provide cost-effective solutions to address any capability gaps in organizational, policy, procedure or technical compensating controls has proven valuable to our clients.

Whether it is a Private Equity or Venture Capital company or a government agency asked to expand its services to improve the lives of its constituents, every organization has data and assets it needs to protect from misuse, theft or unauthorized disclosure. Public perceptions of the risk & cost of identity theft, unauthorized disclosure of confidential information, loss of investor confidence or damage to brand equity are “front of mind” with business leaders, and any breach of trust carries significant financial, reputation and client retention consequences. Meeting the minimum requirements of the confusing array of government, industry and international regulations should be seen as the low water mark when it comes to asset security and privacy standards. Your stakeholders, employees and partners deserve a higher standard of “due care” than simply implementing the most basic protection you were told you MUST do by an external entity.

Executive participation and end user education are the cornerstones for securing any business. Setting the tone from the top is cliché, but there is no substitute for senior level sponsorship to lead by example and to remind all employees that protecting digital and physical assets is an ongoing requirement and not a once-a-year rubber stamp event. If there is something in the business environment that poses a threat, introduces a vulnerability or increases the risk of fraud, then be proactive and set a policy to clearly communicate expectations and limit the organization’s exposure to acceptable levels. Setting standards and creating repeatable procedures reinforces the practical application of adherence to policy and regulatory requirements.

Finally, most security solutions sold as packages or SaaS offerings are simply tools that, when properly implemented, can enforce the policy and standards set by data owners and asset managers. Consider these elements when setting your budget and priorities for the upcoming fiscal year related to protecting your most important digital and physical assets:

Security products are only as good as the developers that write them…
Can only be as persistently available to support you as the architecture you built them upon…
Will carry the integrity of the firms & citizens that manufactured them….
Can only be correctly configured & consistently deployed as effectively as possible by….
The people you trained, certified, pay and trust to vigilantly maintain them.