Compliance in the Cloud: Consequences and Benefits
Depending on how you look at it, compliance is a tough challenge that will wreak havoc on your business if you don’t stay on top of it – or a chance to benefit your business by protecting against risk and preparing for opportunity. We happen to believe it’s both. In this installment, we’ll look at the consequences of failing to keep up with compliance requirements, as well as at the benefits that being compliant can bring.
Consequences of non-compliance
- Failed audits. Failing a compliance audit isn’t the worst thing that could happen to a business. The real pain comes with what happens after you fail, when it’s time to correct the problems that led to failure in the first place. Addressing the areas of concern identified in an auditor’s report can take weeks or months and siphon off valuable internal resources in the effort. Instead of focusing on building and running the business, employees are forced to spend their time scrambling to correct problems. And if the problems aren’t corrected, things can get very bad indeed, as the next two points make clear.
- Financial costs. Fines for not complying with regulatory mandates can be steep. Penalties for willful violations of HIPAA requirements, for example, start at $1,000 per violation and can soar up to $50,000 if the violation is not corrected. Under Sarbanes-Oxley, a CEO or CFO responsible for “reckless” violations of the requirements for certifying financial records can be personally fined up to $1,000,000. If the violation is also willful, that can go up to $5,000,000. Add to that the long-term costs that come when news of the violations drives away customers, partners, and shareholders, and it’s a wonder some companies can even stay in business.
- Legal consequences. The hefty fines described above may also be accompanied by criminal sentences, not to mention potential legal action from parties who may have been injured by a company’s failure to comply. That $5,000,000 potential fine for an executive who violates Sarbanes-Oxley certification requirements may come along with up to 20 years in prison, for example. Consider, too, that a company’s customers or others who are affected by the violations may have grounds for legal action. For example, if your company mishandles a customer’s sensitive data and it results in a financial or other loss to them, they can sue to recover damages.
Benefits of constant compliance
- Reduced business risk. Having measures in place to comply with regulations can lower not only your risk of noncompliance, but also your general business risk. Data backup is a great example: if you urgently need an email or other document and it’s been deleted, a reliable, easy-to-use backup solution will enable you to find and retrieve it quickly. You’ll have the data you need to move forward with what you’re doing, and you’ll spend very little time and effort in the process.
- Uninterrupted operations. Maintaining a strategy for ongoing compliance means that when an audit is announced, it’s not nearly as big a deal as it would be otherwise. Instead of having to pull together a team at the last minute, interrupting their other everyday responsibilities in the process, you’ll be prepared to demonstrate compliance with very little additional effort. You’ll also be much more likely to pass the audit, meaning you won’t have to interrupt operations afterward to correct problems.
- Ready for opportunity. If you’re eager for business opportunities in highly regulated areas such as government or healthcare, compliance can give you a competitive edge over other contenders. For example, if a government contract for which you’re competing requires backup of cloud-based data and applications, and you already have such a system in place for compliance reasons, then you’re automatically set to meet those contract requirements.
What to do next
The bad news is that ignoring compliance requirements comes at a high price – not just in financial costs and other direct consequences, but in lost opportunities, too. The good news is that putting measures in place to enable compliance reduces the risk that you’ll ever be in a position to face those costs – and at the same time puts your business in a better position to enjoy greater efficiency, productivity, and revenue opportunities.
Get a quick lesson in the importance of data backup in your compliance efforts in our previous post “Compliance in the Cloud: Why Backup Is Critical.” Then learn more about the frameworks that are available to help guide compliance efforts in “Compliance in the Cloud: How Frameworks Work.” Finally, put your focus on protecting data in cloud-based applications like Google Apps and Salesforce.com by checking out the Spanning webinar, “How to Prevent Data Loss and Ensure Compliance for your SaaS Applications.”