How Technology is Revolutionizing Compliance Responsibilities

By Margarita Rivera-Santiago, CISSP, CISM, CRISC, CISA–Vice President of Information Security Risk & Compliance, LMC-A Lennar Company

Margarita Rivera-Santiago, CISSP, CISM, CRISC, CISA–Vice President of Information Security Risk & Compliance, LMC-A Lennar Company

Never has there been a time where regulatory compliance responsibilities are as overwhelming as they are today. Regulatory pressures for corporate compliance will only continue to increase as digital innovation disrupts the traditional and replaces it with sleek technology that processes data more efficiently than ever before. With the volume of information ever increasing, it has become harder and harder to balance between thoroughness and agility. If that is not complicated enough, the mere volume of data and variety of approaches makes it difficult to truly determining compliance. These competing demands require alternatives that do not leave organizations exposed to compliance failures.

That is where compliance technology steps in. Through the use of compliance technology, the mere nature of compliance responsibilities has shifted and will continue to shift from one of a tactical nature to more strategic. Compliance technology at its onset was nothing more than a large data storage location for documentation repository and has now evolved into a more analytically driven tool.

Compliance technology is now allowing for the parsing and analysis of information even before a set of eyes review it. Artificial intelligence, machine learning, and automation is reducing the compliance burden and allowing for compliance professionals to strategically evaluate and manage compliance initiatives.

As a publicly traded, Fortune 500 company, technology has become a necessary tool for our management of compliance risks. Whether we are reviewing regulatory compliance like Sarbanes Oxley (SOX), internal corporate compliance to policies, privacy compliance or 3rd party vendor compliance, it would not be possible without the tools available to us today.

It would cost a countless amount of resources and still not be as thorough. For example, when evaluating a new 3rd party product for use within our organization there is quite a bit of analysis that must take place to ensure that the product is secure and that the data that it will house will be protected. This analysis can take weeks if done manually. However, through the use of our 3rd party vendor risk management platform, we are able to automate the process and evaluate the product in days in a way that is more objective than previous approaches. That is because compliance technology now has built in algorithms like MITRE that help determine the external security posture of the product. Additionally, the platform allows for ongoing monitoring of our critical 3rd party providers which monitor the external security posture for the vendor and alerts us in real time when there has been a change. This reduces the amount of time and effort our staff has to spend on ensuring compliance by our 3rd party vendors. In the case of regulatory compliance requirements such as for SOX or when managing our privacy compliance to the General Data Protection Regulation and California Consumer Privacy Act, technology has enabled interactive work flows that neatly collect and organize compliance documentation and makes it readily available for audit purposes.

It is undoubtable that as technology and its associated functionalities continue to evolve, the use of compliance technology to perform day to day tactical functions and provide a platform for strategic analysis will continue to be adopted by organization. The efficiencies gained through the effective management of compliance risks make it essential for corporations to properly perform compliance functions. Furthermore, as a result, compliance roles will continue to transition from tactical to more strategic in nature making it a win-win for all.