Compliance Scorecard

Don’t know the number of environmental regulations impacting both global and North American industry today? If you are responsible for industrial security, environmental, health and safety, you had better start counting.
Let’s give it a try with trucking in North America. According to the American Transportation Research Institute (ATRI), government regulation jumped from a seventh-place ranking in 2005 to fifth in the 2007 ranking of the most critical issues affecting the trucking industry (www.atri-online.org/2007_top_industry_issues.pdf). The list of U.S. federal agencies with jurisdictional regulatory ownership over the trucking industry includes the Department of Transportation, Federal Highway Administration, Federal Motor Carrier Safety Administration, Federal Aviation Administration and Environmental Protection Agency.

In a broader sense, several security standards and guidelines with environmental implications affect industry in general, such as the Customs-Trade Partnership Against Terrorism (CTPAT), a joint government-business initiative to strengthen overall supply chain and border security; the U.S. Coast Guard Maritime Security for protection of waterways; ISO IEC 27002 (17799) Section 7 on Physical and Environmental Security recommendations; and the National Fire Protection Agency’s codes and standards around business continuity (1600). The list does not end here.

Whether you are on the highway, in flight, on a railroad, pipeline or loading products in your company warehouse, you must comply with the dozens of safeguards and regulations that protect human health and the natural environment.

Let’s talk about non-compliance for a moment. If you do not have the proper insurance coverage for your trucking fleet and you are found in violation, penalties and fines can go as high as $100,000 per violation. So let’s say you have a truck accident that spills chemicals, damaging the supply chain and the roadway. The cost of fines, inspections and spill clean-up can extend well into the hundreds of thousands of dollars. Worse yet is the potential loss of human life due to an accident that could have been prevented— there is no price on that, and the corporate reputation damages will not translate well for any company’s bottom line.
To avoid these costly consequences, industry security leaders must be proactive in their approach to compliance programs and ongoing maintenance. Compliance may be achieved across the board if you do your homework, because many laws, regulations, voluntary compliance, standards and guidelines (LRVCS) share common requirements. Here are a few ways to achieve better control and position over your program:

• Due Diligence. Know which regulations impact your business. Ask business partners like Legal, IT, Audit and Facilities groups to take part in the exercise. Security regulations impact everyone, even if they don’t know it — and most of the time they don’t.
• Gap analysis. Take the time to find the commonalities among all regulations that impact you and set your game plan for compliance. Become compliant with the most stringent of regulatory elements. This will answer some of the less stringent regulatory language, too.
• Remain current. Get to know the government agencies that are regulating your business. Make contacts and make it part of their job to feed you updates and changes in regulations. At a minimum, sign up for online alerts and updates in regulatory changes. Do you have an analyst on staff? If you do, put him or her to work for you. If you don’t, use an analyst within the company with a “we’re all in this compliance thing together” approach.
• Be proactive. Even if it’s only a recommended guideline or control, chances are you need to be meeting it. Track these recommendations and take them seriously. Often, what you don’t know will hurt you. Audit yourself before a regulatory agency does!

Liz Lancaster Carver is member services and projects manger for the Security Executive Council, which maintains a large and growing list of laws, regulations, standards and guidelines that impact security (https://www.securityexecutivecouncil.com/public/lrvc). Before joining the Council, she worked for Boston Scientific Corp. as manager of security integration and investigations.