Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit some time and resources in order to apply security standards and achieve compliance.

Even so, organizations encounter challenges when it comes to maintaining their compliance with security controls for their workflows, processes and policies. This raises the question: what challenges do organizations confront in their compliance efforts? Let’s explore them one by one.

Multiple Compliance Obligations

First, organizations have multiple compliance obligations. Like I said before, they might have to comply with a variety of different regulatory standards, and they need to maintain compliance with all of them. That is a challenge. Sometimes, an organization’s policies conflict with compliance frameworks. Other times, different regulations don’t agree with one another. Even if there is no program, organizations need to be careful to fine-tune any compliance standards in a way that complements their business needs and workflows. They need to do so in a way where all of their compliance efforts get along and don’t run into each other.

Multi-Country Presence

Second, some organizations don’t exist within the bounds of one country only. They might have branches in different countries. This is a challenge for any organization, as that entity needs to comply with the different regulations of all the countries in which it operates. Some regulations might be tougher than others, and some standards might not always complement each other.

The Pandemic

Third, there’s the pandemic situation. Some regulators have released updates specifically in response to COVID-19. As an example, Saudi Arabia’s National Cybersecurity Authority (NCA) released a regulation in response to the virus that requires organizations to have minimum