Having a compliance action plan is essential. To comply with the law, you first need to know what laws apply to you (often called your regulatory universe), what those laws require you to do, and the risks to your organisation (and directors) for failing to comply. But the most important thing is to know:
- whether or not your organisation complies, and
- who in your organisation is going to take remedial or mitigation action.
This is what a compliance action plan achieves. It goes by many names, but it is really just a good to-do list. Some people call it a compliance risk management plan (or just a regulatory plan), but that is a slightly different thing.
A Compliance Action Plan for your Organisation
Many of our clients use an IT Compliance Action Plan together with our List of IT Laws and our IT Legal framework. The list contains the IT laws, and the framework sets out the generic regulatory requirements that IT law requires every organisation to meet. The action plan contains what the specific organisation has done or is going to do to comply with IT Laws. We think it is best for the framework and plan to be separate but related documents. We can send you an outline of an IT Compliance Action Plan so that you can see what it includes.