IT people keep talking to me about compliance, but is my business big enough to warrant it?

Compliance in the SME sector is an interesting issue because so many small businesses aren’t regulated.

If you’re involved in insurance, pharmaceuticals or are a publicly-listed company you’ll know all about compliance, with standards to follow set out by APRA or ASIC, or similar bodies.

For the rest of us, compliance is a much-talked-about topic, but most businesses in the SME sector fall short of meeting any standards. It's true that by and large we are not compelled to spend money on compliance systems. Nevertheless, doing so makes good business sense, because the same controls that satisfy a compliance standard are what underpin business continuity and data security.

In Australia, each state does have data retention laws, but they have not been well publicised. In the US, they have the Sarbanes-Oxley Act, yet here the requirements are more of a well-kept secret than a known standard.

There are currently over 1,000 regulations in the US that relate to IT compliance, and Gartner has predicted that by 2012 this will have doubled. In comparison, Australia lags behind the US, while SMEs lag behind the whole compliance issue in general. But, it is safe to say that we will soon be hearing more about compliance with standards around:

  • Data security;
  • Protection and storage of private information; and
  • Recovery requirements.

Business consulting firms and accounting practices are already performing IT audits for charities and not-for-profit organisations. This is a trend that will continue, with company directors wanting assurance that they are not going to wind up in jail for acts committed by their IT department.

The area that is most relevant to small business owners is software licensing compliance, as it is a simple matter to align licenses held with software installed. Many business owners and company directors risk serious fines and imprisonment over a lack of licensing compliance within their businesses.

Fewer of these owners and directors are aware of the risks they take with filed credit card numbers, or private client information, that – if leaked – could be grounds for serious legal action due to breach of the Privacy Act.

Complying with backup requirements and disaster recovery time frames is just good sense for many businesses, but it is still misunderstood by Australia's SME sector. It is even misunderstood by the IT consultants who set up tape-based and disk-based redundant copies of data without creating any recovery path for corrupted or deliberately modified data: a redundant copy that faithfully mirrors the live system also mirrors the corruption, so without retained point-in-time copies there is nothing clean to restore.

Most of the standards around IT compliance are about creating better business systems and protecting businesses from serious data loss. They are not about creating layers of unnecessary cost.

Ultimately, the question for most of us in small and medium businesses should be: “What area of IT should I focus on making compliant first, and what standards could be applied to my industry to guide my strategic IT decision making?”

What compliance issues have you come across in your industry?


David Markus is the founder of Combo – the IT services company that ensures IT is never an impediment to growth.
