Essentials for a Compliant Environment
By Seevali Fernando, Group CIO, Hoya Corporation
Compliance is gradually becoming a norm that every organization across various sectors needs to maintain. However, businesses across the globe face challenges in complying with the guidelines and lack the expertise to steer them forward without compromising their business flows. Having worked in various roles across leading organizations, Seevali Fernando, the Group CIO of HOYA Corporation, talks about how to deal with the complexities associated with compliance and security.
How, in your view, has compliance evolved over the years?
Compliance is a double-edged sword from a CIO’s standpoint. While organizations need to maintain compliance at all times, they also need to ensure that compliance processes are an efficient partner to the business. The landscape is constantly evolving with continuous activities in the areas of cybersecurity and compliance including the recent introduction of the General Data Protection Regulation (GDPR) in Europe, creating difficulties for organizations in ensuring that they are compliant. Until a few years ago, there wasn’t much awareness about compliance, unlike today when it is considered a norm. Today, governments are coming to the forefront to strengthen compliance along with security considering the extensive use of social media. Usage of social media channels has become a huge phenomenon that we have to live with, and that’s more of a threat, not just for an individual but for countries and governments too. Thus, it’s becoming one of the key areas that governments are focusing on, strengthening their policies and vigilance. It’s becoming quite a challenge from the IT infrastructure perspective too.
Could you talk about some of the challenges that you faced during your tenures across different organizations in your career?
We need to ensure that we are up to date with regards to the guidelines and regulations while adhering to the specific deadlines associated with them. It’s not easy at times to drive compliance in systems as it requires a lot of effort and changes that call for huge investments. This also consumes a great deal of time, money, and resources. Many times, organizations are challenged to adhere to those policies 100 percent and many organizations struggle with that.
These challenges keep changing with regards to information sharing. For instance, many organizations are moving to cloud-based platforms, but with these privacy laws coming in, it’s difficult for any company to manage and host data. Organizations need to make sure that they have a good roadmap, understanding, and implementation plan as to what needs to be done and also that every detail is clearly communicated to all the employees.
How can organizations deal with the compliance-related challenges?
I would recommend seeking the help of an expert with regards to compliance. It’s difficult to have such expertise within an organization, so it’s appropriate to engage a third party that considers compliance its forte. These third parties can guide the organizations in assessments and do the remediation. With their help, an organization can ensure that it’s compliant with the regulations. Ensuring that organizations associate with these partners is important, especially because the regulations keep changing.
I also think that the work culture in a company is important. It’s about how much effort is being initiated right from the top management around the importance of such activities. It’s crucial, as it takes a lot of effort to drive that culture within an organization.
What do you think are the gaps in compliance which need to be bridged and what are the trends that can be leveraged to maintain compliance?
One of the things that we internally use is information sharing and centralized communication mechanisms so that we don’t repeat the same problems that we have experienced in the past. It’s critical to have transparency and communicate all the necessary information so that any data breach or compliance-related challenges don’t prevail again. Organizations should also ensure awareness of security within the teams, and this can be done by training people for security awareness. We are also doing these things to strengthen our security and partnering with third parties who have the expertise to help us.
What is the suggestion that you would give to decision makers across organizations?
There is no limit when it comes to the amount of money one can spend on security, as it is just a form of insurance. It doesn’t make it fool-proof, so CIOs need to be careful about the investments they initiate in this direction. They need to have a balance with reference to how much they spend, as CIOs can easily get carried away and spend millions on it. They need to maintain a fine balance between security and how much effort they can put into investments to manage their environment.
Ultimately every company or government needs to take some risks, and that’s part of doing business, and compliance is a similar area. In my view, it’s important to be flexible in terms of maintaining compliance and at the same time ensuring that the business doesn’t get interrupted in the process.