Creating a "Culture of Compliance."

"You must inspect what you expect."

"Perfect practice makes perfect."

"The term training refers to the acquisition of knowledge, skills, and competencies
as a result of teaching practical skills and knowledge that relate to specific useful competencies."


Without education and training from the day of hire about protecting customer
nonpublic personal information, or NPI, it is virtually impossible to instill in the
employee's mind the importance of their willing participation and what it means
to the organization.

To create a "Culture of Compliance":

                  it must be taught early and often
                  it must be enforced daily
                  employees must be held accountable - no shortcuts allowed!

You are responsible for both the success and failure of your Information Security Program. Its success is in direct proportion to the training you provide and the accountability you exercise in managing the program!

A wise person once said that the test of a truly moral person is whether he does the right thing when no one is looking. Certainly, the test for all organizations is whether they maintain, and each day reinforce, a culture of compliance.

That includes not only doing what is within the letter of the law, but also what is right, whether or not a regulator, or anyone else for that matter, is looking.

If you want to know in your heart of hearts that your employees are protecting your organization and the confidential customer information it maintains, then compliance must be as automatic as breathing.

It will never happen by accident. Think about it.