Using Automation to Achieve Compliance in Business Continuity

By Paul Kirvan | July 8th, 2020

In today’s increasingly complex world of resilience, particularly as the country manages through the COVID-19 pandemic, compliance with a broad range of standards, regulations and other criteria has grown in importance. 

Compliance with government-issued mandates, such as new laws, regulations and even executive orders, is critical if we are to survive and emerge from the pandemic.  In this article we’ll examine how automation, leveraging technologies such as artificial intelligence (AI), can improve an organization’s ability to achieve compliance.  

When examining resilience, several existing standards, guidance documents, and audit materials addressing business continuity (BC) and disaster recovery (DR) are important to compliance. For example, the International Organization for Standardization (ISO) has published several global standards covering a broad range of resilience issues. Of the ISO 223XX series of standards, the most prominent BC and resilience standard is ISO 22301:2019, Security and Resilience – Business Continuity Management Systems – Requirements. It is accepted and used worldwide. In the U.S., three key resilience standards are NFPA (National Fire Protection Association) 1600:2016, Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs; NIST (National Institute of Standards and Technology) SP 800-34, Contingency Planning Guide for Information Technology Systems; and the FFIEC (Federal Financial Institutions Examination Council) Business Continuity Handbook and Work Program (designed primarily for financial institutions, but usable by all types of businesses).

Compliance with these important documents is considered essential for an organization to demonstrate its ability to respond to and recover from a broad range of unplanned and potential disruptive events. 

Each of the above documents is formatted to encourage compliance and to support potential audit engagements. They can be used to identify controls for which compliance can be demonstrated. From an audit perspective, each document’s structure simplifies the process of auditing that standard’s controls. It is not uncommon for these activities to be performed manually, using audit and compliance tools (e.g., spreadsheets) built from the standards themselves. Unless such compliance and audit documents are already prepared, it can take several hours or even days to prepare tools for compliance and audit initiatives.

Suppose it were possible to automate and simplify the audit and compliance process. Leveraging something that might be called a “compliance engine,” such a system could greatly simplify the work of examining various documents, such as policies and procedures, and of creating reports that demonstrate how the company’s documents and controls support its compliance obligations.

Recently, Diligent Corporation (www.diligent.com) unveiled a system called Diligent Compliance that examines compliance documents, activities, controls and other materials and analyzes them against specific standards, regulations and other relevant compliance content.  Leveraging AI technology, the system uses a library of compliance-related materials for comparing user-based materials to specific baselines.  The system permits users to specify how analyses are performed, define what results are to be generated, and generate reports for presentation to management.  

According to Liam Healy, Senior VP & Managing Director with Diligent, “The system also has audit capabilities to support the preparation of audit reports and to facilitate audit engagements.” He added, “It can be launched quickly and replaces traditional compliance tools such as spreadsheets or antiquated legacy systems.” For analysts performing compliance projects, the system helps facilitate collaboration among various teams across an organization.  

Healy said that since the system is based on software-as-a-service (SaaS) technology, it can be remotely hosted using cloud technology or supported by managed service providers (MSPs). Automation keeps compliance and audit managers up to date on the company’s level of compliance. “The system generates a ‘Quality Score’ using its dashboard to flag situations where a policy or procedure may be falling out of compliance,” he added. “This way compliance becomes an ongoing, manageable activity, and preparing for audits can be greatly simplified.”

For more information visit the company’s web site at https://learn.diligent.com/compliance.

Published in: Case Study, IT Availability & Security

About the Author:

Paul Kirvan, FBCI, CISA, is an independent business resilience consultant, IT auditor, technical writer and project manager with over 25 years of experience.  Previously Mr. Kirvan was a founding board member and secretary of the Business Continuity Institute’s USA Chapter, and a member of the international board of the BCI. Mr. Kirvan is currently a Fellow of the Business Continuity Institute (FBCI) and a Certified Information Systems Auditor (CISA).
Email: [email protected]
LinkedIn: https://www.linkedin.com/in/paulkirvan/
