866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

«  View All Posts

3 Things CEOs Need To Know About Compliance Culture Blog Feature
DEBBIE ZALLER

By: DEBBIE ZALLER

Print/Save as PDF

3 Things CEOs Need To Know About Compliance Culture

Compliance and Certification | Education

As CEO of your company, you’ve worked hard to grow the business and ensure success. But there can be a roadblock to future growth of your organization—lack of compliance. This can have several negative effects on a company including loss of customers, fines and a lack of trust among current customers or prospects.

Despite being at the top, many CEOs aren’t aware of their company’s compliance needs, or if they have a compliance program in place, they aren’t aware of its progress or its inner workings.

Research by the Ponemon Institute found only 20 percent of security and compliance executives say that “they frequently communicate with executive management about potential cyber-attacks or threats against the organization.”

So, as a CEO, how can you make sure you’re aware of your company’s compliance needs and ensure the compliance certifications your organization requires are met and maintained?

Here’s what you need to know to meet your company’s security and compliance needs.

1. Be Aware of Cyber Threats

You know any disruption to your information systems can have huge impacts on your operations, reputation and more. To protect your organization, the Department of Homeland Security several measures:

  • Ask questions. You should ask the following about your company’s cyber risks:
    - What is the current level and business impact of cyber risks to our company? How do we plan to address identified risks?
    - How is executive leadership informed about the current level and business impact of cyber risks to our company?
    - How comprehensive is our cyber incident response plan? How often is the plan tested?
  • Have cyber security discussions with your leadership team. You should regularly communicate with those on your team responsible for managing cyber risks. This will allow you to be aware of threats and give you a set time to meet and strategize with your leadership team.
  • Coordinate response planning across the company. Having early response actions in place can help limit or prevent possible damage in the event of an incident.

2. Keep Policies Up-to-Date and Communicate the Updates

Make sure your company’s policies and procedures are reviewed periodically and up-to-date to account for any new laws or requirements. Also, periodically communicate these updated policies and procedures to employees. Employees should understand and be aware of their responsibilities for compliance. . [LINK to culture of compliance post]

3. Foster an Environment of Ethics and Compliance

Succeeding at compliance entails more than just having policies and procedures in place. Periodic training is essential to not only communicate the policies but also the risks to the organization. Employees should understand how their actions influence others, how to identify potential incidents and how to report them. Provide managers the training and resources they need to foster connections among those who report to them, and require leadership to take responsibility for compliance.

As CEO you not only need to be aware of your company’s compliance requirements, and cyber threats, you also need to provide a culture to make compliance commonplace. By providing effective guidance, enforcing policies and procedures, being aware of monitoring, having open lines of communication and more, you can ensure your company meets all of its compliance requirements.

About DEBBIE ZALLER

Debbie Zaller is Chief Operating Officer at Schellman. Debbie is responsible for maintaining and driving operational results and executing the firm's strategic goals. Debbie oversees all daily operations of the firm while spearheading the development, communication and implementation of effective growth strategies and processes. Debbie has over 21 years of IT compliance and attestation experience. Debbie led the firm's Midwest, Southeast, and Northeast regions along with the national service lines of SOC 2 and Privacy service lines as Managing Principal before assuming the position of COO in 2021. Debbie holds a Master of Accounting degree from the University of Florida. She is a Certified Public Accountant, Certified Information Privacy Professional/United States, Certified Data Privacy Solutions Engineer, Certified Information Systems Security Professional, Certified Information Systems Auditor, and Certified Cloud Security Knowledge. She is currently an AICPA-approved and nationally listed SOC Specialist and speaker on various privacy topics. Debbie was on the AICPA Task Force for the Advanced SOC for Certification Exam, was a member of the Florida Institute of Certified Public Accountants Board of Governors and served on the Finance and Office Advisory Committee.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.