Are Customers Demanding Compliance Level Security?
Are Your Customers Demanding Compliance Level Security?
As scary as this is, more and more of our customers are coming to us telling us that if they can’t prove that they are secure, they will lose business. Both business partners and customers are driving businesses to be compliant with a variety of security standards or lose the customer’s business. As a result the need for compliance level security is starting to effect all companies.
Partners and Suppliers Must Demonstrate Security Compliance or Else
In the past only large companies in health care, retail, banking, public companies and government organizations were held to a high standard of security compliance. While there have been compliance standards, only the large companies in these industries were held accountable. That has now changed so that each of these companies is now holding their suppliers and partners to the same high standards. And those requirements trickle down all the way down the food change to the smallest companies servicing these industries.
What Options Do Companies Have in Response
Companies are being held to different standards depending on their partners and customer requirements. However, there are many commonalities that will allow you to meet almost any requirements. The objective is to become “Best Practices” Secure. Most security standards have very similar requirements that vary based upon your company and the type data to be protected.
The steps in meeting security requirements are:
- 3rd party Security Risk Assessment
- Compare Results to Best practices and partner/customer requirements
- Remediate at appropriate levels all security vulnerabilities
- Validate your updated security posture by retesting
- Provide ongoing monitoring, alerting and reporting of security systems
- Update and Adjust security on an ongoing basis
Since Risk Assessments are extremely custom, they should be tailored to your company’s situation. Most commonly though, a security review, vulnerability and penetration tests and a gap analysis would be performed. Other tests can include Wi-Fi, Website tests, and phishing tests.
Once this is complete, you should be in a position to meet your partners or customers’ requirements and can safely testify that you are compliant and worthy of their business.
Penalties for Non-Compliance
Ignoring the request to be compliant by your partners or customers will likely mean lost business. Falsely testifying that you are compliant without doing the steps above will open your company up to law suits, future lost business and lost reputation.
For more information on taking steps to be compliant please visit eSecurity Solutions or contact us at 866-661-6685.