COMPLIANCE Q&A

If I need compliance auditing due to my industry requirements, what do I need to do?

The first step is to determine which industry standards you will be audited against.  Once you understand the standards expected by your industry, River Run can help you prepare for a compliance audit.  Our team is experienced at preparing for a wide range of audits and we are always willing to provide our experience and insight to help ensure a successful audit experience for your organization. 

Why should I worry about compliance?  I am not having any issues.

The old adage “If it isn’t broken, don’t fix it” is no longer a sufficient approach to compliance with standards for data protection.  With increasing frequency, your partners and clients will require your organization to prove that you are compliant with the data protection expectations of both your industry and theirs. You should expect that within the next 3 years most companies will require data protection standards to be met by all their partners.  River Run can review the compliance standards of your industry and help to prepare you so that when that day comes, you will be ahead of the game.

What is the difference between being prepared for an audit and the actual audit?

Regardless of your industry, it is crucial to maintain an awareness of each of the various types of IT and data compliance audits that your organization may be subject to.  As an IT consulting firm, River Run is ideally positioned both to assist you in identifying these types, and to help you be prepared for the audit itself.

How can River Run help me be prepared?

River Run follows a 3-Step Process. First, we help you identify the types of IT and data compliance audits you may be subjected to. Second, we review the standards that you will be held to, and use that information to compare what you have with what you are required to have.  Finally, we offer recommendations on the next best steps to prepare for any data-related audits.  In most cases, we can give clear direction on how to make the necessary changes to your data protection, so that, when the time comes, the auditing process will be as painless as possible.

If I have internal IT, why can’t River Run audit me?

Compliance agencies offer very limited and extremely labor-intensive certification processes. These certifications are typically pursued by teams dedicated exclusively to performing audits. To maintain objectivity and credibility, these teams typically do not engage in remediation: while they identify problems, they do not correct them. They do so to avoid any potential questions regarding conflict of interest. As a full-service Information Technology partner, River Run has elected not to pursue compliance certification, in recognition of and respect for these concerns. This posture places our team of experienced professionals in an ideal position both to help our clients prepare for an audit and to collaborate with them and the compliance agency to correct any issues identified during the course of the audit.

 

For more information on compliance, visit Virtual CIO services.

