Cover Compliance Blog - News, Opinions, Tips, and More

Cover Compliance Partners with Computer Solutions East for GDPR Compliance Offerings


I am so proud to finally announce this strategic partnership that we've been working on for some months now. I have had the honor of being selected by Computer Solutions East (CSE), an award-winning, Tier 1 Managed Microsoft Partner from New York to work with them to bring privacy and security compliance tools and advice to their existing client base and beyond, starting with services targeted at GDPR implementation.

The part of me that evangelizes all the time about all you can do with software you already have is especially excited that we will be helping people make the best use of tools many of them already have (even though many don't know they do—or know how to use them) through being subscribers to Microsoft cloud services of various types.


Do You Have That in Writing Presentation Materials Available


My first Enterprise University class just wrapped up! It seems students found it beneficial and I just hope they had as much fun as I did. I look forward to connecting with everyone on LinkedIn and Twitter, and feel free to reach out if you have any questions about the class or materials, or about Cover Compliance or Enterprise University. There are still a couple spring classes available and they'll be back with a summer semester, too.

Handouts for the class, entitled "Do You Have That in Writing? How Compliance Documentation Leads to Better Business", are available for download, including a PDF of the slide presentation.

You can find the PDFs for the slides and each individual handout on our Resources page by clicking here.

I look forward to getting a chance to do this again.


Pushing GDPR Buttons


GDPR has been one focus of my work for over a year, and the level of interest in GDPR compliance has exploded in the last couple months. Lots of people are now scrambling to try to meet the end of May deadline, motivated often by their interactions with their business partners who are also working on compliance.

I've spent a lot of time interacting with potential clients lately where I feel like I'm successful in educating them on how big this GDPR work normally is. But the end result is usually that I either convince them to hire someone willing to do short-sighted work (and, in my opinion, waste their money AND increase their risk), or they end up deciding not to do anything.

Hopefully, this information will be of benefit to anyone who has any kind of GDPR work to do but isn’t familiar with GDPR or maybe even formal privacy management. And hopefully, those who reach out to me about their projects will do so knowing that I’m going to tell them there’s no GDPR easy button.


The Cover Compliance Approach - Compliance Program Model Diagram Available Now

To better serve anyone who may contact me regarding their compliance needs in order to figure out whether I am the right person to work with, I just posted a high-level compliance program overview diagram to our site's new Resources page.

(Don't worry—the picture above is NOT it.)

The diagram will show you the approach I normally take to the compliance consulting work I do, whether that is creating documentation, helping define governance processes, or dealing with awareness training needs for staff and other stakeholders.

The diagram illustrates the high-level lifecycle for creation of a complete, new compliance program.


Cyber Insurance - Which Comes First? The Policy or the Policies?


This is the first in a small series on some key reasons why written policy and procedure documentation is important to your small business or medical or dental practice, no matter how small you may be.

Not many of the smallest businesses that I commonly work with have yet purchased cyber insurance, but it's becoming more popular, quickly, especially with data-intensive businesses and those facing clear and strong information protection rules such as HIPAA-regulated healthcare entities and even their business associates.

When it comes time to purchase cybersecurity insurance, odds are that you will be expected to have a defined compliance program that includes comprehensive written privacy and security policies and procedures.


Can I Get That In Writing


It isn’t uncommon for businesses to have real rules and defined procedures that impact compliance but that are not written down. You could have a valid compliance program that is not all in writing.

I won’t be trying to convince people that they absolutely HAVE to spend money and precious time documenting business policies and procedures to satisfy a regulator who may have little likelihood to pay them a visit.

But there are several other reasons why small business owners should spend their money and someone’s precious time to create at least a basic set of business policies and procedures for their business or healthcare practice. And they're reasons that usually have bottom-line financial impacts.


Learning from Tanning Salon Noncompliance Study


This is the first of our ongoing “use case” blog posts, where we take off from a real news story to explore key compliance principles. For a more detailed explanation of how our posts tagged with the “use case” label will work, see our other post from today.

This first “use case” post is interesting because it illustrates just how universal the need for a compliance program can be. And it shows a key way you might figure out what to include in your own compliance program, by looking at what outsiders (whether regulators, auditors, or, as in this case, researchers focused on your product or industry) may use to investigate your industry. It also touches on the benefits of simplification in the face of a slate of differing regulations.

Cover Compliance Blog Glossary

Real News Search "Use Case" Posts Explained

Yeah - we really are that focused on the details that we aren’t just tagging our blog posts and leaving you to wonder at our cryptic (and hopefully quite clever in some cases) meanings. We’ve created a glossary where we periodically describe what you should find when you look at specific posts gathered under each tag. To see the whole glossary at any given time, just click on the “tag glossary” tag in our blog contents sidebar.


Born This Way

I used to say I got my start in privacy and compliance in 2002 when I moved out of technical writing and IT consulting; but a while back I found evidence to disprove that assertion, when I found the complete policy and procedure that I wrote in 1984 to govern how my high school's homecoming festivities were going to work.

What We Do
Regulatory compliance advisory services for smaller and not-for-profit entities that lack resources to purchase and manage complex enterprise systems and staff.
Cover Compliance
WHERE WE ARE
Overland Park, KS in the Kansas City area

  • 1.816.226.6759