Policy and Procedures / Development and Compliance
Are you ready for an unannounced survey of your operation?
Could a formal audit uncover inconsistencies in your
operation that jeopardize your financial data (SOX) or
protected health information (PHI)? Are your procedures a common
and consistent part of your daily operation (ISO)? Is your
staff fully aware of your information security policy?
In many cases, the answers to these questions end in
uncertainty. When an organization goes through a formal audit
or compliance review, the IT department is almost always
scrutinized extensively while still being required to maintain
day-to-day operations.
Compliance and regulatory reviews rest on a very basic
premise.
Document what you do... Do what you say you do.
Organizations often fall into two categories. There aren't sufficient
documented policies -OR-
the policies and work guidelines are too complicated.
Audits don't have to be painful. With proper planning and
diligence, a concise set of policies and procedures is drafted
so as to be consistent with your program's staff structure and
service delivery format. That, coupled with a clear
process to monitor staff compliance, can help to reduce or
eliminate non-compliances during an audit.
Policy Development
Audit assessment and preparation
Compliance Review and Staff Awareness