Even a Small Business Needs to Pay Attention to Big Words

Regulated environments can be a time-consuming and expensive headache for businesses. Not only do companies have to create and adhere to their own internal sets of policies and procedures, but most businesses are also required by federal and state laws to comply with specific standards of operation, i.e., regulatory compliance.

Before you wonder what that has to do with you and your business, consider the problem of the Orange and Alexandria Railroad in Virginia during the Civil War. Dozens of railroads operated across the South, most serving only a small geographic area, taking local cotton to seaports for trade and operating exclusively in their own territories.

When the Civil War broke out and railroads were pressed into military service, a surprising discovery was made. Troop and supply trains simply could not travel from Biloxi to Raleigh; each state had its own track gauge. If two adjoining states didn’t have the same track width, a train had to stop. All of the cargo and passengers were unloaded from one train and reloaded onto an entirely different train, because one operator’s trains couldn’t fit on another’s tracks. This lack of planning is regarded as one of the major contributors to the loss of the Civil War for the South.

The same problem started to come up for businesses in the 20th century: different pipe sizes, different paper thicknesses, and similar mismatches arose in nearly every part of the trade community. That’s when the International Organization for Standardization (ISO) came into existence. Soon after came the development and rapid expansion of the Internet, causing best practice standards to be developed by individual businesses and industries, as well as state and national governments. As a result, some agreements, guidelines, and laws have been implemented in an attempt to bring order to an ever-growing business community.

The Health Insurance Portability and Accountability Act (HIPAA) exists to provide a standard for the protection of electronic health information. Any business that is involved with medical records and patient information is required to comply with HIPAA. Microsoft’s Office 365 has built-in features that assist with HIPAA compliance.


The Federal Information Security Management Act of 2002, or FISMA, was enacted to address information security issues across all federal agencies. If your organization does business with the federal government, you may want to make yourself familiar with this law.

ISO 27001

Headquartered in Geneva, the International Organization for Standardization, or ISO, is an international voluntary organization that develops commercial, proprietary and industrial standards. ISO 27001 is the ISO security standard that was published in 2013.


Simply put, the Family Educational Rights and Privacy Act (FERPA) is a law that protects student information. The law applies to any school that receives federal funds.


The Gramm–Leach–Bliley Act (GLBA) is in place to guide financial institutions. The law requires banks and other financial institutions to safeguard any consumer information they might collect and provide easily accessible information regarding their privacy practices.


These are just a few of the regulatory requirements your business might be subject to. Today some office productivity tools (Microsoft Office 365 and others) provide specific features to make compliance less daunting. Such tools are one more low-cost option for the very small business.

