Do you have any tips for introducing creativity and collaboration into our compliance program? We want to foster better employee participation when it comes to compliance best practices, but we're struggling to find ways to get everybody involved.
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
I can't promise a magic bullet that will suddenly make the compliance exciting, but there are some steps you can take to help better engage employees in your compliance efforts in areas where their participation matters. Here are a few compliance best practices from my experience:
- Set easily measurable goals and measure progress consistently. If you have a large number of systems to remediate, for example, set daily, weekly and monthly targets, and hang them on the wall. Let everyone see the progress the company is making and be sure the organization at large takes notice when the team meets or exceeds the set goals.
- Encourage transparency. Compliance programs are often shrouded in secrecy within an organization. If you want to engage your staff, you'll need to be upfront with them about your current status, the steps that you're taking to improve the compliance program and any challenges that may be encountered along the way.
- Be flexible. One of the best ways to engage employees in a compliance program is to let them guide it. Keep an eye out for employee innovations that might improve the compliance program and, when you see one, praise it loudly and adopt it quickly.
- Celebrate often! While you might throw a big party after reaching the end of a compliance initiative or hitting a crucial milestone, it's often more beneficial to celebrate the small successes. Bring in some doughnuts when a team exceeds a daily goal or take your top performers out for a pizza lunch each week. A little food goes a long way!
Notice anything about the advice I just offered you? There's nothing about a compliance IT management initiative that's different from managing any other program. Remember to treat your team well, empower them to control their work environment, give them the tools and resources they need, and success will follow.
Dig deeper on PCI Data Security Standard
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.