What happens When you have to Defend your Policies?
When budgets are up for review, most organizations justify their policy management and compliance efforts as a commitment to the prevention of unlawful conduct. However, being in compliance with regulations that are designed to prevent such conduct doesn’t mean that it won’t ever happen. When it does, the scrutiny of your systems and processes is likely to far exceed any pain that you might have experienced in managing an internal audit.
When the Lawyers Get Involved
An internal audit measures your compliance to what are, in effect, legal minimums. When an allegation is made that your company failed to meet those minimums, the policy documentation you kept, as well as the process used to create and store that documentation, comes under aggressive attack.
Inconsistencies in protocol; missing signatures that were overlooked in favor of last-minute verbal authorizations to get an update closed-out; missing attestations that were never signed or returned; or multiple draft versions of the same policy can suddenly become a problem. What might have been overlooked or ignored in the last minute rush to meet a compliance deadline can now become a significant liability.
While you may have focused on dotting every ‘i’ and crossing every ‘t’ in shepherding your policy update through the approval, sign-off and distribution steps, anything that was left by the wayside becomes fair game. Unclear authorizations, draft versions that were left on contributors’ laptops or desktops, attestations sent to a larger audience than was necessary for the scope of the policy, or even something as simple as failing to make the documentation available in other languages for employees with English as a second language, can suddenly become a huge issue for the company.
A Change of Perspective
Maintaining a focus on a future completion deadline is understandable when you are facing hard effective or renewal dates that must be met. However, when your policies have to be defended as part of a legal action, the fact that you met that deadline takes a back seat to the effectiveness of the process that got you there. Any evidence of procedural inconsistencies or lax enforcement of established protocols around data security can be used to undermine the credibility of your entire compliance department.
You might have come to anticipate the slow responders and persistent version editors over years of working with them on multiple policy creations or updates, but your choice to factor-in their idiosyncrasies rather than demanding their compliance to established policies will end up counting against you.
Our comprehensive Compliance Software Solutions can help you to manage your internal processes and procedures and give you the accurate data you need to position your company as a compliance leader. Operating on one secure SharePoint portal using templates built on industry best practices, you can manage every element of compliance workflow from policy and contract creation to management and ongoing renewal.
The opportunity to promote industry-leading compliance practices is closer than you may think. To learn more about our software now available on SharePoint On-Premise, SharePoint Online via Office 365, and as a Software-as-a-Service, schedule a demo now.