
Your first steps to improve international compliance
The Computer Weekly Security Think Tank considers how security leaders should best navigate the multitude of new national and multinational regulations affecting their work, and ensure their organisations remain compliant and protected
Compliance with the international and national standards that apply wherever a company markets or sells its services and products outside its home market is an area where the company’s IT security group must work in close cooperation with the business and compliance groups to develop a set of implementation requirements.
To keep abreast of changing security standards and requirements, monitoring the news feeds and blogs run by professional bodies and by industry and manufacturing groups is a good starter for 10. Dedicated security magazines, particularly country- and region-specific ones, are especially useful where the country or region covered by the magazine is one of specific interest to the company’s business.
There is also a range of professional bodies that an information security professional can join, including BCS, the Chartered Institute for IT; the Chartered Institute of Information Security (CIISec); the International Information System Security Certification Consortium (ISC2); and the Institute of Electrical and Electronics Engineers (IEEE). These are good places to keep abreast of new and developing security standards.
Having a broad knowledge of international security requirements is of no immediate use in maintaining a company’s compliance without knowing where and what business is to be conducted, and how other, non-security requirements might affect security compliance.
It starts, as ever, with the business. The company’s individual business areas must be able to identify how they want to sell and support products in the non-domestic areas of interest. The business must then clearly articulate its needs and requirements to the compliance and IT security groups.
Once the compliance and IT security groups have these business needs and requirements, detailed country- and region-specific investigations can be carried out. These should result in a series of specific requirements that can be fed back to the business and, following business review and agreement, a finalised set of requirements can be created for the IT group to implement.
The Computer Weekly Security Think Tank on regulation and compliance
- Mandy Andress, Elastic: Why CISOs should build stronger bonds with the legal function in 2025.
- Adam Stringer, PA Consulting: Why we need better cyber regulation to protect the UK from disruption.
- Nick New, Optalysys: Cyber innovation to address rising regulatory, threat burden.