Here’s a situation you may not have thought about. You are a partner in a professional services firm. One of your biggest clients asks whether you are PCI compliant. They tell you that all their third-party vendors must be PCI compliant to continue doing business with them. How would you answer that question?
This situation comes up often. A long-term client that you’ve done business with for years now requires all its partners to be compliant, in order to satisfy its own compliance obligations. That client represented 40% of your revenue the previous year. You now have two choices: get compliant or lose that revenue.
While achieving compliance sounds daunting, losing business just because a process seems difficult is foolish. Below, we’ve outlined the steps you need to take to ensure your organization’s compliance goals align with those of your partners.
1. Learn what is being asked
Did your client ask you to be compliant with PCI DSS? Or GDPR? Or maybe it’s a combination of several standards. Whichever compliance requirement they asked for, make sure you understand exactly which standard(s), and which scope, they want you to be compliant with (for PCI DSS, for example, this depends on whether you store, process or transmit cardholder data on their behalf). Then learn the particular standard(s) in detail. This will make it easier to implement the processes needed.
2. Learn why they are required to be compliant
It is important to understand the drivers behind your partner’s request. Perhaps they are asking you to be HIPAA compliant because they are a healthcare organization that, legally, can only do business with vendors who have demonstrated HIPAA compliance. In that case, compliance is not negotiable if you want to do business with them. In this particular example, if you are looking to work more closely with healthcare organizations, then it is worthwhile for your organization to be able to demonstrate HIPAA compliance.
3. Understand the timelines required for compliance
When a client tells you that you need to meet certain compliance requirements, find out what the timeline is to achieve them. Are you expected to be compliant on day one of the contract? Within 6 months? Many times, during the RFP process, companies want to see a demonstration of compliance within 30, 60 or 90 days. Knowing how much time you have helps you plan and prioritize the work. Even where it is not possible to achieve full compliance within those constraints, you can keep working towards your compliance objectives while nurturing the client relationship, which could open the door to future opportunities.
4. Use the right technology to measure compliance
Once you have decided to become compliant, you will need tools to help you measure and maintain compliance. Beyond measurement tools, security policies and supporting software also become important in meeting compliance objectives. Access controls on privileged systems are a must: a Zero Trust model, enforced through multifactor authentication and risk-based authentication, is one way to achieve this. Network monitoring tools are also important for spotting trends and unusual behaviour, and for producing the logs and reports that auditors will ask for. Software alone isn’t enough to make a company compliant or secure, but it is a useful tool in helping you achieve these objectives.
5. Be prepared to continuously demonstrate compliance
Now that you have become compliant, you need to continuously maintain compliance. The compliance landscape is ever-changing: standards don’t stand still, they keep evolving, and so do the risks businesses face. Your organization should take a proactive approach to risk management, and make sure your risk management processes stay in line with both your own expectations and your partners’ compliance requirements. This should also be reflected in your own security strategy and policy documents.
While becoming compliant seems like a daunting task, it is achievable when broken down into steps, and it should never be a reason to lose out on a business opportunity. Talk to Uzado today to find out how obtaining and maintaining compliance can help grow your business. Download our free whitepaper today to help you get started.