The Peer-to-Peer blog is a forum for Channel Partners readers with the goal of stimulating discussion among partners about important issues impacting their business. The opinions expressed here are those of the authors and not necessarily those of Channel Partners editors or publishers. If you are interested in submitting a blog, please contact Managing Editor Buffy Naylor, firstname.lastname@example.org.
Unraveling the Complexities of Compliance, Part II
By Sean McCaffery
In the first blog entry, we looked at health care regulations specifically and how HIPPA and subsequent health care acts such as HITECH have gone through a series of final rulings that could drastically impact VARs and service providers. From the myriad regulations related to storing paper data, electronic data and now all the enforcement and serious fines baked in, it’s no wonder that companies are seeking compliance experts to help them.
But there are other types of compliance such as PCI, for the VAR to be well-versed on.
Here are a few more important considerations to review with any client that is subject to today’s compliance laws:
- Do you have data that will reside on the network/infrastructure/system that is subject to compliance? Helping your customer manage their risk and having a compliant and secure infrastructure can help you sell your solution as a more secure and stable option.
- Are you going to have personal information such as credit card and/or Social Security numbers, individual health records or insurance plans residing on your servers? Really, anything a typical human resources system would have on it would be important to understand so the solution can meet current regulations including HIPPA, HITECH and even PCI laws.
- What physical and security protocols are necessary? For example, if colocation is part of your overall solution and you did not have proper Internet firewalling, customer data could be exposed to theft. By not asking the right questions up front, you may not have the right security protocols in place even though you have the physical protocols in place.
- As a channel partner, often blending in solutions from other companies, do you know if your own partners understand compliance and the complexities involved? Tailoring a full solution requires that all elements work together to meet compliance stipulations, not just one or two components of it.
- Data centers provide the underlying infrastructure to support your own IT environments and that of your clients. It is crucial you know in advance of tailoring your client solution what the facility has put in place to adhere to the myriad regulations out there.
- Bottom line: Ask the right questions and fully understand your customer’s applications and data.
A lot of data center providers might not have a specific compliance department, but rather connect you to a solution engineer. In today’s confusing regulation landscape that might not be comprehensive enough anymore. It all comes down to a collaborative effort between the VAR, its partners and the client. By aligning with the right data center partner, you will have a more consultative and knowledgeable approach in designing cost-effective infrastructures to meet compliance regulations. There is a lot more to it beyond just looking at physical and administrative compliance.
Audit: Not a fun word or experience. But being audited these days is a reality with the new laws. It’s quite valuable in times of an audit if your data center partner has a department or experts on-staff. The right data center provider can help you not just with a compliance checklist, but can take it a step further and provide a comprehensive set of solutions to be baked in upfront — minimizing the risk of audit or the “pain" of the audit if you are in the midst of one.
By putting a well-thought-out compliance package together with your data center provider, you should have all that is needed to achieve compliance and have processes built around those items so nothing is missed. And you will have experts by your side whose job it is to stay current with the ever-changing compliance landscape and are there to help if you have to go through an audit.
Sean McCaffery is vice president of channel sales at ViaWest . He is responsible for driving and delivering sales and strategy for the channel partner program. His responsibilities also include driving programmatic and process change in support of indirect sales models, building and implementing integrated sales and marketing strategies, sales forecasting, setting quota’s, partner compensation, change management and supports implementation of all company channel initiatives. Prior to ViaWest, McCaffery was responsible for channel sales and operations at Rackspace Hosting and before that was responsible for Western Europe channel sales at Avaya Ltd.