Let’s face it, compliance is not a subject that you wake up in the morning, take a shower, and start being excited to put in your schedule! Most of our requests come after an incident, such as a cyber-attack or failed audit. However, when you embrace compliance instead of fighting it, this will help you determine where your IT efforts should be put, and what are your obligations to the stakeholders.

Usually, management wants to be able to have answers to these types of questions before something goes wrong. If you decide to act after the fact, you can try and plead ignorance, but more and more authorities are rebutting this defence.