Security Compliance
- ali@fuzzywireless.com
- Mar 4, 2022
- 2 min read
Internal controls are defined as the practices and procedures within an organization that allow it to meet the targets it has set for strategy, finance, technology, resources and so on (OP Financial Group, 2018). Internal controls encompass all operations and relevant entities on a day-to-day basis (2018). In summary, internal controls are meant to run the company with integrity, following its policy and objectives (QuickBooks, 2018). External controls, on the other hand, refer to enforcement and oversight by government, whether federal, state or county, as well as by industry standards bodies such as ISO and NIST (2018).
Hagerman (2016) defines compliance as a snapshot of a company's security posture at a given time, measured against internal or external controls. For instance, if a company is PCI (Payment Card Industry Data Security Standard) and HIPAA (Healthcare Information Portability and Accountability Act) compliant, that means it has met the security standards laid down by these regulatory organizations (2016). However, being compliant does not by itself guarantee security: Target Corp. was PCI-compliant a couple of months before the notorious breach in late 2013, which resulted in the loss of credit and debit card information. The reason is that compliance is a certification demonstrating how well the company meets the security standards laid down by a regulatory organization at the time of assessment, whereas strong cyber security processes and procedures protect the information from threats on a day-to-day basis. It is therefore important to have a solid security plan coupled with industry-standard compliance to ensure strong protection against breaches (2016).
In general, all businesses must comply with the statutes and regulations enforced by government and other applicable jurisdictions (Kauffman, 2005). It is the responsibility of the business entity to ensure compliance with these regulations. However, some businesses, including those in medicine, law, architecture, engineering, food, pharmaceuticals and accounting, are required to follow stricter and more specialized laws and regulations before performing any business. For example, the Occupational Safety and Health Administration (OSHA) sets requirements for the health and safety of employees and customers (2005). The Dodd-Frank Wall Street Reform and Consumer Protection Act applies to the financial industry, while the Sarbanes-Oxley Act deals with accounting, fraudulent corporate practices and financial monitoring. HIPAA requires healthcare providers to ensure the protection of patients' privacy (Justia, 2018).
References:
Hagerman, K. (2016). Security vs. Compliance. Retrieved from https://www.armor.com/blog/security-vs-compliance/
Justia (2018). Regulatory Filings and Compliance. Retrieved from https://www.justia.com/administrative-law/regulatory-filings-compliance/
Kauffman (2005). Complying with Government Regulations. Retrieved from https://www.entrepreneurship.org/articles/2005/11/complying-with-government-regulations
OP Financial Group (2018). Internal and External Control. Retrieved from https://uusi.op.fi/op-financial-group/about-us/corporate-governance/internal-and-external-control
QuickBooks (2018). Compliance Requirements Every Business Must Follow. Retrieved from https://quickbooks.intuit.com/r/compliance-licensing/compliance-requirements-every-business-must-follow/