For an example of how URO might pan out in reference to an actual cross-functional law, consider its impact on the implementation of Title 18 of the U.S. Code, on federal sentencing guidelines. In this situation you will need to have business conduct and ethics and maybe HR monitoring a reporting hotline, audits and executive management overseeing notification of the audit committee and the board, legal and security dealing with investigations, perhaps communications interfacing with the public, shareholder services monitoring progress, and if the issue at hand is a regulatory problem, you will have government affairs heavily involved.
That's a lot of departments to work with and consider, but without input from each, you will be missing a critical element of compliance or enforcement and putting the business at risk of significant loss.
4. Rely on ST&D and the Security Executive Council to keep you informed. Check back each month for a new Compliance Scorecard and for regular legislative and regulatory coverage that draws on the experience of council members and faculty, leaders of world-class security programs, to help you find the most effective path to compliance.
Bob Hayes is Managing Director of the Security Executive Council, a cross–industry professional organization of security executives devoted to advancing strategic security leadership solution. He also serves as chief security officer of CXO Media Inc. and its parent company, International Data Group. Mr. Hayes has more than 25 years of experience developing security programs and providing security services. Prior to joining CXO, he spent eight years as the CSO at Georgia Pacific and nine years as security operations manager at 3M.
Marleah Blades is senior editor for the Security Executive Council. Before joining the council she served six years as managing editor of Security Technology & Design magazine.
This article is based on the collective knowledge of Security Executive Council members, faculty and staff who are committed to sharing their experience in world-class security programs for the benefit of others and the security profession. For information about the Security Executive Council, visit www.csoexecutivecouncil.com/?sourceCode=std.
The council's list of legislation, regulations, and guidelines is lengthy but incomplete. If you submit to the council a law, regulation or guideline with a security component that is not currently on the list, they will provide you a free $50 metric tool for your participation. For information, visit www.csoexecutivecouncil.com/public/lrvc.html/?sourceCode=std.