Why Mere Compliance Increases Risk

On: April 4, 2014
When it comes to compliance, sometimes poor awareness training is as bad, as-if not worse, than–no training it all.

In the MediaPro article, “Why Mere Compliance Increases Risk” published in CSOonline.com, the authors state that in some cases, poor awareness training is as bad, as-if not worse than–no training it all. The Department of Health and Human Services recently confirmed that a lack of training is a common cause of HIPAA compliance difficulties. Given the poor state of awareness training in many organizations, it’s no wonder that PCI and HIPAA compliance violations are actually on the rise.

It should be obvious that there is more to “compliance” than simply doing the least one can do. For starters, ask yourself, in addition to being compliant, is your organization also competent to see that the spirit of the law is also fulfilled? Does your organization, in the true spirit of compliance, promote a culture that respects the interests of customers, patients, shareholders, and other constituents? Does everyone see themselves as responsible for the security of protected health information (PHI), credit card data, or the many other forms of personal information collected today? A growing body of case law clearly demonstrates that satisfying the letter of the law alone just won’t cut it.

Share this Article

Related Articles

Employees are motivated to protect information, thereby helping meet compliance goals. But they need good awareness training to show them how.
Compliance is Cool: Employees Want to Do the Right Thing
6 steps to GRC training success compliance training
White Paper: 6 Steps to GRC Success
See how SMUD uses interactive compliance training to make a difference in the way they do business
Custom Training Case Study: SMUD’s Compliance Training Hits Home Run
Learn how to effectively implement PCI training with our free white paper, which covers the role of security awareness in PCI compliance and best practices.
White Paper: PCI Compliance: Employee Awareness is Key