Cyber Magazine September 2022 | Page 44

“There can also be contractual requirements imposed by suppliers or customers and internal policies and procedures such as information security and fair usage policies with which organisations need to comply. Each regulation and standard often requires you to conduct periodic audits of your IT environment to ensure that you’re meeting the requirements. The traditional approach to this, however, is driven by manual, repetitive, and disparate compliance processes that are very labour-intensive. Each compliance requirement you add makes it more complex and time-consuming, with additional manual processes throughout the year,” he says.

Is compliance culture damaging?

While understanding your business's responsibilities and putting the right policies and procedures in place are essential first steps towards keeping your business compliant, many believe that fostering a culture of compliance can actually be damaging to an organisation.

Martin Riley, Director of Managed Security Services at Bridewell, tells Cyber Magazine: “Organisations driven by an overriding focus on compliance often neglect to focus sufficiently on what they need to do to keep their business and customers safe, and how to respond when the inevitable happens. Assuming a security certificate, such as ISO27001, on its own will provide an adequate level of cyber integrity is a risky move.