5.4 Summarize elements of effective security compliance Flashcards

1
Q

Compliance

A
  • Compliance Reporting: Collects and presents data to show compliance.
    • Internal Reporting: Checks adherence to internal policies by internal teams.
    • External Reporting: Demonstrates compliance to outside entities, often legally required.
  • Compliance Monitoring: Regularly checks operations for compliance.
    • Due Diligence: Identifies risks through review.
    • Due Care: Takes actions to reduce risks.
    • Attestation: Formal declaration of compliance by a responsible party.
    • Acknowledgement: Acceptance of compliance requirements by relevant parties.
    • Internal and External Monitoring:
      • Internal: Reviews operations to ensure compliance with policies.
      • External: Third-party checks for compliance with external regulations.
  • Role of Automation: Improves data collection, accuracy, and real-time monitoring.
2
Q

Non-compliance Consequences

A
  • Fines: Monetary penalties from regulators.
  • Sanctions: Restrictions or bans.
  • Reputational Damage.
  • Loss of License.
  • Contractual Impacts: Breach of contracts, leading to disputes, penalties, or termination.