Corporate Compliance Insights
Continuous Compliance Keeps Organizations From Focusing on the Past

Scope of regulations makes relying on manual checks a recipe for disaster

by Alev Viggio
August 21, 2023
in Compliance

What’s more useful to your organization: understanding your compliance posture today or where you stood six months ago? Drata’s Alev Viggio talks about the business enabler that is continuous compliance.

Imagine a home security system, complete with smart locks. Now imagine you leave your house to go to work but can’t remember whether you locked the front door. You query the app, and it cheerfully responds that you locked the front door six months ago. Is the information accurate? Sure. Is it helpful? Absolutely not.

In the security and compliance world, information becomes obsolete quickly. It doesn’t matter that you locked your door six months ago — it matters whether your door is locked right now. Why, then, are so many organizations satisfied with periodic audits and point-in-time snapshots when it comes to compliance?

Recent research conducted by Drata revealed that just 40% of organizations review the status of their compliance controls continuously and in real time, while just 2% have reached complete continuous, automated compliance. Today that just isn’t good enough. It can cost organizations business and expose them to regulatory penalties — not to mention it may leave them at risk for an attack.

Getting rid of the ‘check the box’ mentality

Unfortunately, a significant percentage of organizations continue to view compliance as little more than a box to be checked, a burdensome requirement with little benefit to the business. In a historical context, this is easy to understand. Before automated tools, compliance had to be done manually. That meant diverting resources from other business-essential areas to conduct an audit that ultimately produced only a point-in-time snapshot.

For startups and other resource-constrained businesses, this loss of productivity and momentum could be particularly detrimental. The result is that many of them choose to kick the compliance can down the road — but this can have real consequences. For example, a Type 2 SOC 2 attestation report, the version most potential partners will want to see, gauges data security effectiveness over six months to a year, meaning that it can take well over a year of planning and execution to generate a good report. It also requires dedication to ensure the company remains in full compliance until the next audit.

On the other hand, data privacy regulations like the California Consumer Privacy Act and the EU’s GDPR don’t involve periodic audits, which makes them easier for companies to put out of mind. It’s easy to tell yourself that you don’t need to worry about CCPA or GDPR until something happens, but by then it can be too late. CCPA, for example, gives companies just 30 days to remediate data privacy issues once they have been detected. Failure to do so can result in a hefty fine, but a company that has not prioritized data security compliance may find it extremely difficult to do so in just 30 days. The reality is that companies need to be planning ahead at all times — not just for the compliance standards that apply to them now but for the standards that are likely to apply to them in the future.

The cost of noncompliance is growing

In 2022, California reached a $1.2 million settlement with Sephora over alleged CCPA violations, and California Attorney General Rob Bonta said at the time that Sephora “failed to disclose to consumers that it was selling their personal information, that it failed to process user requests to opt out of sale via user-enabled global privacy controls in violation of the CCPA, and that it did not cure these violations within the 30-day period currently allowed by the CCPA.”

The resulting settlement was the first of its kind, but it will most certainly not be the last. Under CCPA regulations, Sephora’s hit could have been significantly worse. And with CCPA soon to give way to the more stringent California Privacy Rights Act (CPRA), California is only growing more dedicated to enforcing data privacy regulations. They aren’t alone, either — Colorado, Connecticut, Utah and Virginia have all enacted their own data privacy laws, with more states hot on their heels. The European Union has GDPR, and the UK has plans to enact similar legislation of its own. For businesses operating across America and the globe, noncompliance with data privacy regulations puts businesses at an ever-increasing risk of incurring steep financial penalties.

Of course, frameworks like SOC 2 are not government regulations, so noncompliance doesn’t come with the risk of a fine. However, as more and more businesses gather significant amounts of data, a clean SOC 2 attestation has essentially become a requirement. A poor SOC 2 report — or worse, no SOC 2 report — will probably result in lost business. Complying with standards like SOC 2 may not be mandatory in the traditional sense, but for organizations that want to retain and grow their business, it is essential.

Automation saves time, limits risk & generates business

Rather than conducting audits at regular intervals, automation allows organizations to see how their security controls stack up against compliance requirements on an ongoing basis. Thanks to continuous testing and verification, vulnerabilities and misconfigurations can be identified and remediated in real time, enabling any lapses in compliance to be addressed swiftly. Today’s automated compliance tools can help organizations more easily visualize where potential gaps in coverage exist, eliminating blind spots and reducing the time needed to respond to risk vulnerabilities and breaches in policy.

This is critical, because the volume of data businesses handle is increasing exponentially, and where that data lives is becoming progressively more decentralized. Data is spread across servers, data centers, cloud storage and even local devices such as laptops, smartphones and point-of-sale stations. Manually maintaining and validating compliance across this sprawling network architecture requires a significant investment of both time and resources. It can demand thousands of hours from IT and security employees whose time is almost certainly better spent elsewhere.

Automation is also not subject to problems like human error, which means it doesn’t just enable compliance to be maintained on a continuous basis but can increase the accuracy of those efforts as well. Data protection has never been a hotter issue than it is right now, and the ability to show proof of continuous, secure and compliant protocols will only become more and more pertinent as time goes on. A clear, continuous and accurate compliance record can go a long way toward generating trust.

That trust can then be used as a business accelerator, helping organizations quickly and easily demonstrate their compliance status when cultivating new relationships. While compliance is hardly the only factor, it is an important one — and a poor compliance track record can result in reputational damage, leading to lost business. Relationships are built on trust, and prioritizing compliance on an automated and continuous basis can give potential partners and customers the confidence needed to trust you with their business and their data.

Whether their motivation is to secure additional business, avoid costly fines and penalties, or increase worker productivity, it is clear that prioritizing continuous and automated compliance can have a significant positive impact on today’s businesses. Organizations have long considered compliance a burden, and their reasons were understandable.

But as automated compliance tools become increasingly sophisticated, there is little reason for businesses to limit themselves to cumbersome and time-consuming manual validation practices. Instead, embracing automated and continuous compliance practices can ensure organizations and their partners, customers, and even auditors have the information they need, when they need it.

Alev Viggio is the director of compliance at Drata, a security and compliance automation provider. Prior to Drata, Alev served key compliance roles at Sigma Computing and Conga and was an internal auditor at Solihull Systems. Alev oversees Drata's compliance program and ensures adherence to frameworks, standards and regulations like SOC 2, HIPAA and GDPR.