For roughly a thousand years, from the time of Ptolemy to the time of Copernicus, educated men were quite sure that the earth was flat and the center of the universe. This made for interesting navigation charts, but the charts did exist and were used, because that was the state of the art, the state of knowledge at the time. That was simply how things were done then if you wanted to sail anywhere to engage in trade or discover new markets.
We can learn something from this example as it applies to risk compliance. Regulators may discover in five or ten years that ‘they were doing it all wrong’, and that there is a more secure option or a better way to protect customer records or corporate networks. The recent OPM hack is a case in point. Lessons will be learned from it, and no doubt new regulations will follow. This applies to corporate risk management in two ways. First, it says that there is no such thing as a bullet-proof system which will remain secure indefinitely. Second, it means that regulations are continually in flux.
Taken together, these factors will impact how you look at risk compliance. If you cannot build a bullet-proof system, you must at least build a compliant system. At some point in your enterprise’s existence, you will probably suffer a data breach on some level. At that point, your defense cannot be that you cannot be breached, so your defense must be that you made every effort at compliance. Therefore, your goal is not simply to be compliant, but to be able to prove and document consistent compliance.
For more information on how Greenlight can help address your risk compliance concerns, please contact us.