How can a compliance management plan help enterprises avoid fatigue?

Complex compliance mandates can lead to compliance fatigue. Expert Mike Chapple explains how to develop an effective compliance management plan.

"Compliance fatigue" seems to be a growing trend with organizations trying to stay on top of multiple security compliance standards, which could lead to compliance requirements getting tossed aside or deprioritized. What can enterprises do to avoid fatigue and make compliance less burdensome?

Let's face it, compliance is a tedious business. Organizations have a difficult time keeping track of the many overlapping security compliance mandates, and a harder time sustaining compliance with all of them over extended periods. The term "compliance fatigue" is sometimes used to describe this difficulty, and I agree that it is a real trend. Fortunately, there are some ways enterprises can work to avoid compliance fatigue.

First, create a strong compliance management plan to ensure the organization maintains a comprehensive set of security controls that map directly to compliance obligations. Because the mandates overlap, each control should be documented once and mapped to every obligation it satisfies, so that evidence is gathered once rather than separately for each standard. Reviewing compliance management plans on an annual basis -- or more frequently -- gives organizations the opportunity to verify the status of those controls against changes in the business, risk and technology landscapes.

Second, organizations should continue to pursue any activities that may reduce the scope of their compliance programs. For example, using tokenization technology to remove payment card numbers from the processing environment can dramatically reduce the burden of PCI DSS compliance: systems that store, process or transmit only tokens, and have no way to recover the original card number, fall out of scope, while the tokenization system itself and anything able to detokenize remain in scope and must be protected accordingly. A smaller scope means fewer systems to assess and less evidence to collect, which in turn reduces compliance fatigue.
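To make the scope-reduction idea concrete, here is an added example (written for this page, not code from the original article or from any PCI DSS guidance): a minimal token vault that is the only component ever holding a primary account number (PAN), and an order-recording function standing in for the descoped processing environment, which stores only the token. The vault class, the `record_order` function and the sample card number 4111111111111111 (a widely used test number, not a real account) are constructed for illustration.

```python
import secrets
from typing import Dict, Optional


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test. Real PANs pass it; our tokens are built to fail it,
    so a token can never be mistaken for a live card number."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical token vault (assumption: the one in-scope component).

    Tokens are random, not derived from the PAN, so nothing outside the vault
    can reverse them. The last four digits are preserved for display purposes.
    """

    def __init__(self) -> None:
        self._pan_by_token: Dict[str, str] = {}
        self._token_by_pan: Dict[str, str] = {}   # same card -> same token

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or not 13 <= len(pan) <= 19 or not luhn_valid(pan):
            raise ValueError("not a plausible PAN")
        existing = self._token_by_pan.get(pan)
        if existing is not None:
            return existing
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject collisions and any token that happens to pass Luhn.
            if token not in self._pan_by_token and not luhn_valid(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> Optional[str]:
        """Only callers with vault access can recover a PAN; they stay in scope."""
        return self._pan_by_token.get(token)


def record_order(card_token: str, amount_cents: int) -> dict:
    """Stand-in for the descoped processing environment: stores only the token.

    The Luhn guard is a safety net against an untokenized PAN slipping through,
    not a detection control (about one in ten random digit strings passes Luhn).
    """
    if luhn_valid(card_token):
        raise ValueError("refusing to store a value that looks like a live PAN")
    return {
        "card_ref": card_token,
        "card_display": "*" * (len(card_token) - 4) + card_token[-4:],
        "amount_cents": amount_cents,
    }


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("4111111111111111")      # constructed test PAN
    order = record_order(token, 1999)
    print("token stored by the order system:", order["card_ref"])
    print("display form:", order["card_display"])
    print("vault can still recover the PAN:", vault.detokenize(token))
```

The design choices matter for scoping: a token that is a random value (rather than an encryption or a hash of the PAN) carries no information about the card, so the systems holding it do not need the PCI DSS controls that protect cardholder data; keeping the last four digits supports receipts and customer service without exposing the PAN; and forcing tokens to fail the Luhn check lets downstream code and data-discovery scans tell tokens from leaked card numbers.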

There's not much an organization can do to make compliance management programs more exciting, but taking a few simple steps to reduce the burden of those programs goes a long way toward reducing compliance fatigue.

This was last published in September 2015

