Public Company Accounting Reform and Investor Protection Act

Compliance Journal


Compliance Journal Authors: John Katrick, Elizabeth White, Maria C. Horton, Progress Blog, Don MacVittie


Efficiency Gains From Harmonized Controls

OVERLAND PARK, KS--(Marketwired - May 12, 2015) - The regulations and standards that govern organizations are constantly in flux -- from PCI DSS to ADA to FCPA to SOX. New regulations come into play, existing regulations are updated, and pre-existing regulations become relevant. Compliance is never finished.

As Paul Calatayud, CISO at SureScripts and SANS Institute information security instructor, pointed out in LockPath's recent webinar on regulatory compliance, dealing with multiple compliance frameworks at once can quickly get out of control.

In addition to federal regulations, there are state and local laws as well as best practices and other standards. Breaking down each external regulation into its single requirements -- controls -- results in hundreds, sometimes thousands, of individual controls that an organization must follow.

Challenges of complying with multiple regulations and standards include:

  • Getting a handle on all the controls. Terminology and semantics differ from one regulation to the next, but in reality, they may be requiring the same thing.
  • Managing documentation and evidence takes up more time with each new compliance framework.
  • Redundancy. Organizations often treat each new compliance framework as a separate project, but by doing this they end up doing the same work over and over.
  • Decentralized ownership of compliance frameworks also leads to redundancy and lack of visibility.

To deal with these challenges, Calatayud uses the Unified Compliance Framework (UCF) leveraged through LockPath's governance, risk and compliance (GRC) platform, Keylight. The UCF includes a content library of more than 700 regulations that are pre-mapped with more than 5,000 harmonized controls. The controls are also harmonized with one another, so that compliance with the same control is not tracked five times over. Managing documentation and evidence is simplified because the GRC platform serves as a central repository for all compliance activities, helping to unify different business units that may own different frameworks.

As Calatayud argued, complying with the smallest possible set of unique controls is the key to compliance efficiency. Calatayud said that harmonized controls, leveraged within a GRC platform, have saved him and his staff so much time that they've been able to broaden their focus beyond compliance alone.

"We now take care of internal audit, business continuity and enterprise risk management because we're not inundated with compliance management," Calatayud said. "It freed us up to think about other concepts within security, beyond compliance with that same staff."

Without a GRC platform and the UCF, Calatayud said his program would be bankrupt due to labor costs. He would only be able to focus on compliance management. As regulatory requirements continue to multiply, it is clear that organizations will need to turn to technology, such as a GRC platform, to deal with managing it all.

To view the recorded webinar, visit

About LockPath
LockPath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company's flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.


Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.