Compliance monitoring refers to overseeing business operations to ensure alignment with regulations. It begins with evaluating applicable regulations and determining what compliance looks like. The purpose is to ensure an organization meets standards on an ongoing basis and identifies regulatory gaps to inform framework improvements. A compliance monitoring plan prioritizes the risks identified in an audit to address how monitoring will be implemented, including regular policy reviews, reporting, training, and consequences for failures.

1. z
Compliance
Monitoring

2. z
What is Compliance Monitoring?
 Compliance monitoring refers to the process of overseeing
business operations to ensure that organizations are aligned
with industry and other regulatory mandates.
 Cybersecurity compliance monitoring begins with evaluating
which regulations apply to your organization directly, as well as
determining what compliance with these regulations looks like.

3. z
Purpose of Compliance Monitoring
 The purpose of compliance monitoring is to ensure your
organization is meeting various standards and regulations on an
ongoing basis.
 It can also help identify any regulatory gaps within your
cybersecurity controls and inform the changes you can make to
your cybersecurity framework to better maintain adherence with
applicable regulations.

4. z
Creating a Compliance Monitoring Plan
 Once an audit is complete, you can then begin creating a
compliance monitoring plan.
 A compliance plan helps your company to follow the laws,
regulations, and rules that govern your industry.
 When creating a compliance monitoring plan, you should aim to
address all the risks identified in the audit stage, however, risks that
pose the greatest threat to your organization should be prioritized.
 Once you have identified priority risks to monitor, you then need to
decide how you are going to implement the monitoring program.

5. z
Certain elements that every compliance
monitoring plan should have:
 An agreed-upon scope and strategy.
 A schedule for regular reviewing of all policies and procedures.
 Standard tools and reporting templates.
 Systems for reporting.
 Training and improvement.
 Consequences for failing to improve or complete training.

6. z
Compliance Monitoring Strategy (CMS)
 Compliance Monitoring Strategy (CMS) outlines how states
should evaluate the compliance status of a facility and the
frequency of evaluations.
 Data associated with compliance activities is uploaded to the
EPA by the DAQ on a monthly basis. This data can be viewed at
EPA’s Enforcement and Compliance History Online (ECHO).

7. z
Why Is Compliance Monitoring So Important?
 At a basic level, monitoring ensures that your organization’s
operations are happening and working as they should. More
broadly, it can identify any areas of noncompliance, whether with
internal policies or external regulations ‘ and whether accidental
or intentional.
 Compliance monitoring also helps healthcare organizations
identify problems and find solutions before a government agency
finds them. By regularly monitoring and auditing your
compliance policies, you can spot errors and problems that
require additional training and professional development.

8. z
Compliance Monitoring Systems
 There are several moving parts to a compliance monitoring
system, including policy reviews, external audits, internal
monitoring, and even policy and compliance management
software.

9. z
Thank you