Frank Lagorio's Weblog

What is Compliance anyway? Many people have been asking what is compliance? Compliance means that you, as a company will not only obey, but take affirmative action to comply with the various new Federal laws recently enacted as a result of corporate malfeasance. These ideas behind these laws started with DOD rules for document handling and then were embellished. So you have SEC rules, Sarbanes Oxley legislation, Patriot Act rules, Basel 2 in Europe, Hippa with regard to personnel and privacy and others. These rules specify various document retention periods, retention media (WORM drives) etc. What is particularly invasive however is that it must all be audited and the auditors must be watched as well. Some companies are taking a wait and see approach because no case law has developed nor appealed which spells out in particular what is actually "the law". This is a poor idea. Federal agencies will frequently attempt to intimidate what they feel is appropriate behavior. Look no further than Attorney General Spitzer in his fight over NYSE compensation as an example. What is required immediately is that at least a company have a plan in place unless you are specified as a fast track company ie. Financial sector.