The Schellman Blog
Stay up to date with the latest compliance news from the Schellman blog.
Compliance and Certification | Education
Identifying changes that must be made is the easy part. Managing those changes successfully—not so simple! Organizations today need to be extraordinary at adapting to or influencing changes in technology, policy, and procedure. Those who adjust well aren’t fazed by the fast pace of the market or the constant evolution of technology and security standards. Those who struggle with change constantly operate in a reactive state and fail to properly strategize their business moves.
Unfortunately, 2015 saw some seriously impressive information security hacks, including breaches at major companies and entities like VTech, T-Mobile, the FBI, and even Trump Hotels. The silver lining? At the very least, hacks involving large organizations such as these garner tons of media attention and headline time, which brings awareness to the growing urgency of stronger information security. But security executives like CISOs and CIOs still struggle to see eye-to-eye with non-security executives on the matter.
The AICPA just released an updated version of TSP Section 100. The update amends TSP Section 100 and supersedes Appendix C of TSP Section 100A, which relates to the Generally Accepted Privacy Principles. Below is an overview of all of the updates:
When you hear the word “whistleblower,” do you think business traitor or Good Samaritan? In most company cultures, it tends to be the former, which is unfortunate because, more often than not, an employee who exposes a security issue is acting out of ethics, not malice. However, because malicious intent has occurred before, the negative connotation persists.
Cybersecurity | thought leadership
Your company has internal security measures in place, and it has met many compliance requirements. But do these things mean your business is now immune to fraud? Probably not. Research shows that 75 percent of companies have fallen victim to fraud in the last year.
Compliance and Certification | Education | thought leadership
As CEO of your company, you’ve worked hard to grow the business and ensure success. But there can be a roadblock to the future growth of your organization—lack of compliance. This can have several negative effects on a company, including loss of customers, fines, and a lack of trust among current customers or prospects.
Payment Card Industry (PCI) Data Security | BrightLine Responds
The result of a compliant PCI DSS assessment is the generation of an Attestation of Compliance (AOC) as well as a Report on Compliance (RoC). The AOC attests to the organization’s compliance with the PCI DSS standard; it is different from an audit attestation report, which may be governed by the AICPA.
HIPAA | Payment Card Industry (PCI) Data Security | Compliance and Certification | Education
NOTE: Schellman has since updated and expanded on this information in an article here. Nobody likes a compliance audit, but they serve a necessary purpose in the business world. If an organization is lacking in its adherence to global compliance regulations, there could be serious fallout. Employees or customers may lose trust. Your company’s reputation could be damaged, and worse — lawsuits and fines can significantly damage financial health. For this reason, chief compliance officers must change the way they think about audits. Painstaking as they may be, an audit provides you the opportunity to rectify issues before they become larger problems. Instead of dreading and avoiding an upcoming audit, here’s how compliance leaders can prepare their company to make the review process less agonizing.