Legal Compliance Alignment – Part II

Simultaneous compliance with multiple laws and regulations can create unique challenges for most entities. Selectively, potential compliance hurdles include distinct internal management groups pursuing equivalent goals; diverse audit perspectives, priorities, and requirements; as well as confusion resulting from redundant controls. For instance, cross-compliance with the Foreign Corrupt Practices Act (FCPA), Sarbanes Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley Act (GLBA) may generate muddled responses regarding the importance of certain security controls for a U.S. based ‘publicly held’ corporation. To decrease potential negative effects of cross-compliance, management should seek assurance that relevant statutory, regulatory, and contractual requirements are adequately defined and documented for each information system.