Page 19 - gs260402

Spotlight Innovators

Turn IT compliance into recurring revenue

Highly regulated industries such as manufacturing, healthcare and financial services must maintain strict compliance standards in order to operate. But many businesses take a “check-the-box” approach, doing only what is necessary to meet minimum requirements rather than building systems that can prove their compliance if questioned. That approach can create serious risk. If regulators, auditors or law enforcement request documentation, companies must be able to demonstrate that their IT systems and internal controls meet all required standards.

Eugene Rutberg, managing partner at Ketra Group, helps companies build defensible IT controls while creating a recurring revenue opportunity for agents and ISO partners. Below, Rutberg discusses the risks of minimal compliance, how his firm helps companies strengthen their IT infrastructure, and how referral partners can benefit.

Why is a "check-the-box" approach to compliance risky?

The path of least resistance is to just check the box and keep your fingers crossed that the auditor doesn't discover something. And if they do find something, the attitude becomes - what's the minimum I can do to close out that finding? That's not a compliance posture. That's a gamble. The standards are written in a way where as long as you say you're doing something, it's generally accepted. But saying you're doing something and actually proving it are two very different things. When something goes wrong and someone asks for that data, are you able to provide it? That's the real test.

What kinds of problems can arise when companies only meet minimum compliance requirements?

The biggest problem is being unable to substantiate your compliance posture when it matters most. Auditors are there to verify that your controls actually work. But if law enforcement shows up because an incident was traced to your facility and they need logs for a specific date range showing who was signed into which workstations and when - that's a very different conversation. Minimum compliance gives you a passing grade on paper. It doesn't give you a defensible position when the stakes are real.

How does Ketra Group help companies move from basic compliance to building defensible IT controls?

What we do is make sure organizations are audit-ready at any point - not just when an audit is scheduled six months out. If an auditor shows up tomorrow, you should have the proof that you're doing the work you're supposed to be doing at the required intervals. The feedback we consistently get from auditors is, wow, we don't really expect any of this. But it's amazing because it actually proves you're doing the work. That's what sets us apart. We're not just advising - we go in and implement the tools and systems that make that posture real and sustainable.

What types of systems or documentation do companies need in order to prove compliance if they are audited or investigated?

At a minimum, organizations need reliable logging and monitoring systems that give you a clear view of your environment and critical events. But equally important is documented evidence that required checks are being performed on a regular, verifiable schedule — not just written into a policy that nobody looks at. The auditor may not be able to consistently verify what you say you're doing. We make sure you can prove it.

Beyond compliance support, what other IT services does Ketra Group provide?

Ketra Group was built specifically around compliance, but we bring over 27 years of IT consulting and implementation
