The Importance of a Culture of Compliance: CompuMail’s Insights
The Need for Security
CompuMail began pursuing comprehensive audits in 2009 to ensure efficient, compliant business operations and to maintain a strong multi-industry reputation. Since then, they’ve achieved many compliance goals and progressed to greater levels of assurance. In 2010, they achieved PCI and HIPAA compliance, and soon after, became compliant with FISMA, GLBA, and ISO 27002. Most recently, CompuMail completed further auditing and achieved SOC 1 and SOC 2 attestations. The time, financial investments, and company-wide dedication that CompuMail gives to security show how important they consider security and compliance to be.
CompuMail has gained invaluable insight while undergoing the audit process. CompuMail’s Chief Security Officer tells us, “We believe that undergoing annual internal and third-party audits is crucial to our business. Simply stating that you have the controls in place is unacceptable for the industries we focus on and the clients we serve.”
How to Create a Culture of Compliance
Creating a positive culture of compliance and driving cultural change within your organization requires strong leadership skills and a clear strategy. Does your organization have a person or team directly responsible for security and for its compliance management system (CMS)? Having this in place can make a significant difference for your organization. CompuMail’s strategy involves an internal team dedicated to creating a culture of compliance.
Christine Fribley, CompuMail’s Chief Security Officer, is responsible for managing all data and physical security efforts across the organization. Her duties include, but are not limited to: management of CompuMail’s security certifications, conducting internal risk assessments and auditing, facilitation of the vendor management function, and ensuring that security training requirements are met. The information security component of CompuMail’s CMS program is vital to protecting the integrity and reputation of the organization and its clients.
Leona Augerlavoie, CompuMail’s Compliance Officer, is responsible for establishing and maintaining CompuMail’s CMS. Her duties include, but are not limited to: oversight of the development, implementation and success of all required CMS elements, promotion of compliance activities in accordance with both internal and client core values, maximizing organizational integrity and quality of service, coordination of onsite audits, and maintaining current knowledge of regulatory/legal updates specific to the financial, healthcare and collection industries.
This team allows CompuMail to continuously evaluate and add to their list of externally validated certifications and standards to ensure ongoing compliance with the highest industry standards.
In addition to the above roles and responsibilities, CompuMail’s culture of compliance is reinforced through documentation. The Chief Security Officer and Compliance Officer continuously assess compliance needs and plan for risk mitigation, but they also create, modify, and uphold policies and procedures. This comprehensive documentation standard across the organization reinforces CompuMail’s culture of compliance and has allowed the establishment of strong continuous quality improvement practices.
When establishing your organization’s culture of compliance, communication and training are crucial for employee engagement. CompuMail’s Compliance Officer tells us, “CompuMail employees understand that their commitment to and cooperation with security and compliance, as well as established controls, is a critical component to their job and to our business. All CompuMail employees receive data security and compliance training immediately upon hiring and then on an annual mandatory basis. Security and compliance tips and updates are shared in monthly internal newsletters and in emails to keep compliance at the forefront.”
How Can Security and Compliance Benefit Your Clients?
Every organization wants their clients to be satisfied with the services they receive and confident that their sensitive data is secure. By achieving compliance with so many standards and frameworks, CompuMail demonstrates that they are accountable for upholding high standards of confidentiality and integrity while hosting, processing and printing clients’ data.
CompuMail’s Chief Security Officer states, “Without a doubt, the greatest security risks that we face are data breaches and identity theft. In this day and age, data security is not optional, as data breaches have become front page news stories, and identity theft and phishing scams are constant threats. CompuMail recognizes that there are numerous factors that can impact an organization’s risks, including but not limited to: culture, technology, innovation, new services, laws, rules, and regulations, as well as the existence and sufficiency of policies covering all areas of risks. Our security and compliance team is dedicated to protecting our assets and the assets of our clients, and our compliance achievements attest to the high standards that we have committed to upholding.”
More About CompuMail
Since 1994, CompuMail has been delivering innovative communication solutions and print and mail services to clients that span multiple industries. They offer a robust list of solutions with unique platforms for service delivery that can meet all of your business essentials: physical and digital communications, data protection and secure portals, coupled with superior customer service and support. CompuMail cultivates lasting partnerships with their valued customers to ensure that they see the best possible results under the highest level of data security, at the most competitive price. Technology changes and business changes, but CompuMail’s commitment to service does not.