The Path to Compliance: Step 1 – Benchmark Your Information Risk
This three-part series helps you meet compliance requirements through better information management. How you store, access and manage your paper documents and digital files is key to navigating the challenge of compliance. Many regulations directly concern data protection and security, and where they do not, proving compliance requires carefully recorded, easily accessible documentation.
Why Comply? Understand your Challenge and Benchmark your Risk
In This First Part of the Path to Compliance Series, You Will Learn How to:
- Understand the compliance challenge
Review European trends and how they impact on your business.
- Rank Your Risk
Use the online risk assessment tool to measure and benchmark your information risk. This robust tool has been developed together with PwC.
- Introduce best practice
Generate a personalised report from the Rank Your Risk tool that also includes practical tips to help you reduce your information risk.
We now create as much information every two days as we did from the dawn of civilisation to 2003.
IDC, IBM CMO Insight Report, October 2011
The Challenge of Compliance for European Business
There are three main trends that mean staying compliant is more challenging for your business than ever before:
The regulatory environment is increasingly complex, with ever more stringent legal requirements and audit procedures. Your business needs to understand and meet a host of EU, national and industry laws. Some industries, such as financial services, pharmaceuticals and manufacturing, have very stringent laws, and your information management process needs to support them. You need to know where your records are at all times, and prove compliance with data protection and information retention periods through real-time audit trails.
The Information Explosion
The sheer amount of data spirals ever upwards creating many potential compliance issues. To deal with growing information you need an efficient and consistent approach to ensure that your information, whether it is a paper record or a digital file, is stored securely and is easily accessible where and when you need it.
The European Commission and other regulatory bodies are raising financial penalties for non-compliance, increasing exposure for everybody. The combination of huge fines and reputational damage can have severe consequences for your business. You need to ensure your customer information is continually protected against unauthorised access or inadvertent destruction.
The Implications for your Business
Information security is a crucial aspect of compliance because some of the most rigorously enforced regulations with the most severe penalties, like the Data Protection Act, present risks that can only be mitigated by meticulous security procedures.
Of course, businesses must balance the requirement to protect information with the need for workers to access it. Many struggle to impose order on their information landscape, as records are often stored in different locations, in different formats, and subject to different rules and processes. All too often, a business tries to minimise risk by building a digital fortress around its data, only for sensitive information to walk out of the door on paper. What is needed is a holistic approach to information security that includes both paper records and digital files.
The Need for Data Protection
Compliance with Data Protection legislation actually protects your business. The safeguarding of information has become a public concern and any security breach can cause lasting damage to your reputation. New European data protection legislation is likely to impose greater responsibility on organisations to protect against, acknowledge and report data breaches.
Further to this, losing business-critical data could do even more serious damage. The fact is, most businesses never recover from irretrievable data loss. This can occur through human error, natural disaster or theft. As well as taking steps to mitigate these risks, you must also make sure that you are ready if the worst happens.
The proportion of companies that go out of business within two years of a significant data loss
Source: London Chamber of Commerce
Are you Prepared for Compliance? How to Benchmark your Business
Complete the ‘Rank Your Risk report’ information assessment tool to understand your business’ level of risk, and identify areas for improvement. The quick survey takes you through a series of questions to:
- Calculate your Risk Maturity Score
- Generate a Personalised Report indicating how your Organisation sits today against the rest of Europe, your industry and your Country
- Receive practical next steps to Reduce your Risk
The ‘Rank Your Risk’ tool was developed using PwC research, surveying senior managers at 600 leading European businesses to create Europe’s first ‘Information Risk Maturity Index’, a benchmark to help organisations evaluate their preparedness for addressing information risk.
The study reveals that many European businesses are woefully unprepared for information related risks including non-compliance. In 2012 the average risk score for European companies was a worrying 40.6 against an ideal score of 100.
“Compliance with the regulatory specifications for documentation on the part of all aircraft manufacturers, including Airbus, is vital to fulfil our legal, official, contractual and business requirements. Our continued accreditation depends on it.”
Spokesperson, General procurement department, Airbus Germany
Reduce your risk with a compliant records management programme
As well as the recommendations in the Rank Your Risk report, implementing a records management programme can enable your business to reduce costs and improve efficiencies, as well as meet the challenge of growing information compliance requirements.
Records management gives you a consistent approach, making sure that paper records and digital information are stored securely and are easily accessible. This ensures customer information is protected from unauthorised access or inadvertent destruction. Knowing where your records are at all times enables you to prove compliance with data protection and retention periods through real-time audit trails.
The next section in the Path to Compliance series: “Compliant Practice” gives you guidance on how to achieve a compliant records management programme. For more information and free access to the full Path to Compliance series please visit www.ironmountain.nl/compliance.