Papers Flying

Navigating IT Compliance in Ever-Changing Industries

No matter the industry, doing business in today’s world means staying up-to-date with compliance rules and regulations. It’s a challenge for all businesses, but especially so for smaller organizations with limited resources. Whether it’s HIPAA, PCI, SOX, ICD-10 or other standards related to your unique industry, the responsibility for keeping organizations in compliance most often falls to the IT department. And depending on the size and scope of your organization, you may or may not have a dedicated compliance manager, which adds another layer to an already complex situation. With so many other things going on, how do organizations stay compliant? Here are several ways to make it easier:

Know the Rules for Your Industry — Determine which rules apply to your industry; chances are, there are multiple regulations with which you must comply. (For example, medical offices must be compliant with HIPAA, PCI and ICD-10 regulations). Remember, it is your responsibility to stay current. Once you know the rules your organization must stay compliant with, you can sign up to receive updates and critical alerts from regulators via email. These will help you plan and stay on track.

Determine Responsibility — If your organization doesn’t have a dedicated compliance manager, decide who is responsible for owning, implementing and managing the compliance process. Ensure the individual or team has adequate resources to achieve and maintain compliance. That may mean hiring additional team members or contracting with vendors who specialize in compliance for your industry.

Document a Risk Plan — Sometimes achieving compliance within a given timeframe just isn’t possible. In these situations, it’s important to understand the risks associated with non-compliance and determine mitigation strategies, such as setting aside funds to pay penalties, implementing additional checks or documenting steps and associated milestones to come into compliance. You may also be able to request additional time if you feel the timelines given to achieve compliance is not long enough, though there’s no guarantee you’ll be granted any extra time.

Define Strategy— Achieving compliance is only the first step. You will also need to create a plan to stay in compliance, taking into account all variables, including ongoing audit checks, development or updates to employee procedures, creation of procedures to ensure compliance when clients, customers or patients who are interacting with you via mobile devices or using cloud-based apps or services. As project managers plan activities for future projects (whether they be IT projects or business projects), make sure they include milestones or tasks that require them to think about any impacts their project may have on compliance requirements for your industry.

Perform a Pre-audit — Many federal regulations require an external auditing team to prove compliance. If you’re required to be in compliance with any regulations that require an audit, you’ll want to perform a pre-audit to catch and fix any issues before the regulators find them. You can hire a third-party company to perform your audit, or form a dedicated in-house team to do it.

There’s no doubt maintaining compliance in an ever-changing landscape is challenging for businesses of all sizes. But by staying informed and being proactive, you can help your organization avoid many of the pitfalls and penalties of non-compliance.

Chrystal Richardson

PM DNA Blog - by Chrystal Richardson Project Management