CHAPTER 10: LEVERAGING REGULATORY COMPLIANCE

A well-prepared, well-organised, trusted adviser is likely to gain an audience from senior managers to talk through proposals for enabling the organisation to outperform its competitors, while removing non-compliance risk to the bottom line.

Identify a relevant law or regulation that has IT-related compliance requirements: the UK’s Data Protection Act (‘DPA’), HIPAA and GLBA in the United States, PIPEDA in Canada, and so on. Identify the gaps between your current actual practice and what the law requires you to do, focusing on the bigger issues, the areas of non-compliance which are likely to trigger the bigger problems. Under the UK’s DPA, for instance, the absence of a Fair Processing Notice on ...
