By Mark Searls, Owner TeamLogic IT
Compliance Typical U.S. based businesses have to adhere to dozens of federal, state and local regulations. From data security and privacy laws to human resources and employee safety requirements, most are continual concerns that have to be addressed on a continual basis. Government agencies rarely give business owners and managers a break for failing to understand their responsibilities—and violations can be extremely damaging to an organization’s bank account, as well as its industry reputation.
 
 
Whether the company sits atop the Fortune 500 list or is owned and run by one individual, each must deal with the rules applying to its specific industry and locality. The regulations that cover the majority of U.S. businesses include:

• Sarbanes-Oxley Act (SOX)includes standards for all U.S. public company boards, management and public accounting firms.
• Gramm-Leach-Bliley Act (GLB), otherwise known as the Financial Modernization Act, sets specific standards for privacy, security, and fraud protection related to client information.
• Payment Card Industry Data Security Standard (PCI-DSS) was created by major credit card companies to ensure greater cardholder information protection.
• Health Insurance Portability and Accountability Act (HIPAA) Title II of this legislation establishes national standards for electronic health care transactions and addresses the security and privacy of medical information.
• State and local regulations often cover employee safety and other human resources-related issues, as well as financial and environmental matters.

Every organization’s management team has to understand which rules apply to their specific business and put the proper processes in place to ensure full compliance. That requires a comprehensive plan, which starts with a review of applicable federal, state and local regulations. Employees and IT service providers should be included in the compliance appraisal process to ensure that all real and potential gaps as properly identified. After all, those who perform these vulnerable processes on a daily basis are usually in a better position to share details and suggestions that most of their managers and the IT specialists can offer their own ideas and expertise to the plan.
 
While employee handbooks and new-hire counseling sessions often cover a number of confidentiality and security measures that workers must adhere to, those rules may be neglected or poorly enforced over time. So, even though a company may have decrees in place that they believe will cover them if a breach occurs, if those guidelines are regularly ignored without repercussion, the company could be found negligent and have to pay damages.
 
That’s why the management team must build an effective “plan of attack” that ensures full implementation and long-term adherence to recommended industry best practices, including effective IT security and data preservation measures. Since most modern regulations focus on adequate protection for client, patient and financial information, it’s critical for businesses to implement comprehensive systems that can address each compliance concern. These most effective technologies address compliance issues proactively, including solutions for onsite and offsite data storage, disaster recovery, data archiving, anti-virus and anti-malware, web filtering, network monitoring, and a variety of firewall and other data/network protection services.
 
Of course, compliance doesn’t stop with a plan and the right systems in place. Managers must pay close attention to prospective (and actual) changes to industry, state and local regulations and procedures to make sure they can be (or are) in full compliance. That’s where a qualified IT solution provider can also help, bringing a wealth of experience addressing a wide variety of regulations and security threats. So, if tackling a myriad of compliance issues sounds like a weighty challenge for your business, make that process a lot easier by partnering with the right support team.

By Sandy Chockla, Franchise Owner, Expense Reduction Analysts

Use the spend and contractual information to prioritize which spend categories you look at first.  Typically, you should prioritize the categories that have the highest spend since the same percent savings will have bigger impact to the total savings you generate.  Another consideration is what spend is under contract and when those contracts expire.  You should time your quotations to be completed before the current contract expires so you understand your options.  You don’t want to renew an existing contract without exploring the options available to you. 
 
In some industries, timing of when the RFP goes to market can have a large impact on the success of that RFP.  For instance, transport companies are intensely busy during the busy holiday season so putting an RFP into the market at that time is asking for a poor response.  Knowing enough about the industry to avoid timing mistakes is another tip on how to make your RFP successful.
 
Another thing to consider is how long has it been since you went to market on the various categories.  Most likely, the supplier’s pricing was most competitive when they first won the business.  Over time, their margins will creep up, especially if you have become complacent as a customer and do not regularly go to market to benchmark the prices you are paying.

​Sandy Chockla is a franchise owner and Principal Consultant for Expense Reduction Analysts (ERA).  ERA has a network of experts in more than 40 overhead expense categories which I leverage to benchmark prices, review supplier agreements, and optimize our client’s purchases or services.  This is done without compromising supplier quality or service.  If you would like to have a discussion, you can contact Sandy at schockla@expensereduction.com or call direct at 970-232-4860