Internal Accountability: Monitoring Compliance

by Sarah Harvey / March 27th, 2019

Ensuring that your organization is up-to-date on compliance requirements can be an overwhelming task, and many organizations don’t know where to begin. Many resources cover how to become compliant, but they don’t explain why internal accountability matters or give you actionable steps to maintain compliance. In this webinar, our Director of Regulatory Compliance, Mark Hinely, discusses the next steps your organization can take after you’ve identified your compliance requirements and provides general principles that apply to any privacy program to help you improve your internal accountability processes.

Getting Over the Burnout of Pursuing Compliance

Pursuing compliance is a tedious task, one that often leaves organizations feeling burned out and reluctant to keep monitoring their compliance efforts. Organizations need to recognize that compliance is a cycle rather than a linear process. Achieving compliance isn’t a one-and-done effort; it must be continuously reviewed and monitored. Threats are constantly evolving and requirements are frequently updated. If your organization neglects to monitor its compliance efforts, it faces steep fines and penalties, damage to its reputation, and threats to its business continuity.

What are Actual Internal Accountability Activities?

Monitoring and auditing are two internal accountability activities that organizations should use to ensure compliance. These activities should be scheduled based on threats and vulnerabilities, likelihood of exploitation, and/or significance of exploitation. Generally, monitoring occurs much more frequently because it requires far less time than auditing. Auditing, on the other hand, is generally less frequent because it covers a larger time period, it’s performed by staff outside of the processing activities, and it requires the time commitment of independent testing. To get the most out of these two internal accountability activities, organizations must also document properly, report effectively, and implement corrective actions.

All organizations are responsible for ensuring compliance. In fact, many data privacy laws, such as GDPR, PIPEDA, and CCPA, require internal accountability. To learn more about the processes your organization should have in place to ensure that you’re properly monitoring your compliance efforts, download the full webinar. For more information on how KirkpatrickPrice can assist you with monitoring your compliance, contact us today.