In the GRC world this week, we examine electronic records legislation, the need for compliance in the cloud and why small businesses need to implement strategies to reduce risk.
Does Cloud Have a Boss?
In a recent article, Richard Adhikari asked "Who's the Boss in Cloud Land?" Adhikari nicely sums up the pros and cons of cloud computing and the legal ramifications of storing data outside one’s jurisdiction.
Businesses may flock to the cloud because of its flexibility, but it could also be the very thing that causes the most problems. Adhikari contemplates the following situation:
What happens if servers D and E run virtual machines with data that's under strict governance, such as medical data? If you consolidate these onto servers running virtual machines holding less-strictly regulated data during off-peak times, you could be in breach of compliance.
In this case, as in most others, companies can prepare themselves by paying more attention to governance and control, and they must be transparent about the information they share with compliance officers and auditors.
Small Businesses Sweat Compliance, Too
Nancy Mobley of INC. Magazine advises companies to “sweat the small stuff” in a recent article. She says that small businesses “can't afford to overlook federal and state compliance policies” and encourages business owners to support HR needs as best they can. Developing best practices and strategies can impact business growth, reduce risk and ensure compliance.
A recent survey of small businesses in New England found that small businesses are planning to increase hiring and benefits to employees, but are also watching costs. In addition, new health care legislation will impact small businesses and the benefits they can begin to offer employees.
Mobley says that companies must “figure out best way you can continue to grow, be in compliance and create a workplace that will attract and engage star performers.”
Amending the Electronic Message Preservation Act
Healthcare wasn’t the only legislation making news this week. The House also passed a measure that would amend federal records law to ensure the government properly preserves electronic messages and deploys the necessary information technology to do so.
The bill aims to increase the National Archives and Records Administration’s (NARA) oversight authority over federal and presidential record-keeping practices.
Without a statutory prescription for maintaining electronic records, agencies can continue to print and file records as they would paper documents, making the process outdated and ineffective.
The amendment would allow the head of NARA to establish standards for the capture, management and preservation of electronic messages that are presidential records and annually certify the management controls put in place by the administration.