If your company is a startup working in the fintech industry, or any industry where customer data is captured and used, chances are that there are a set of policies and procedures with which you have to demonstrate compliance. Like most startups, you probably have struggled with compliance, after all, creating policies and formal procedures is not what drives you. However, your business cannot succeed without them, so you probably have rushed around creating policy and procedure documents while the compliance audit was being done. Working this way is stressful, risky, and it actually takes more of your time then getting it done right.
There are a plethora of regulations and standards that need to be certified and/or audited. This can create an overwhelming sense of futility when you are trying to focus on your core business. It is not what gets you out of bed in the morning.
Fortunately, regulatory compliance does not have to be so painful. Based on our experience in the market, we have created a framework that can get you out the gate quickly, and help you establish what needs to be in place to get certified for example under PCI DSS and other standards.
We create a simple compliance framework for your organisation. We determine the standards for which you need to audit compliance. We then work with you and your team to build the appropriate policies and procedures.
It is important to realise that we do not provide the compliance assessment. That is up to the company providing you Qualified Security Assessor (QSA) services. We help you to get in place the framework that will be used by the QSA to audit your compliance. We can also work with your QSA to ensure that your policies and procedures are explained and presented as part of the assessment. We will also take feedback from the QSA and help you to improve what is required for compliance.
The responsibility, however, for adherence to policies and procedures lies with the management or executive committee of the organisation. Ultimate responsibility lies with the CEO.
Kenga Solutions is not a law firm, we are not lawyers, and we do not provide legal advice. There are no guarantees when it comes to a successful compliance audit based on the work we do, because ultimately, compliance does not just depend on policies, but upon their successful implementation. We will point out implementation gaps in the process, but it is the CEO and management committee responsibility to ensure that they are closed.
What we can do, however, is allow you to focus on the core aspects of your business while we create the policy and procedure framework for you to use. We don’t just advice, we execute.