If you’re VP Compliance or Chief Compliance Officer, then you’re certainly used to process. You developed your response procedure for a compliance request a long time ago with a clear workflow and sound process that includes all of the relevant internal and external contact points, including legal counsel where necessary.
But one of the questions that we get asked with increasing frequency is, “just how do I bring corporate web content into my compliance process without creating a separate silo or compromising the use of existing compliance systems?” It’s not a trivial question.
Corporate web content is increasingly broad in scope and a good compliance policy has to accommodate the fact that not only is the content changing, but the way it’s delivered is becoming increasingly complex. Whether it’s externally focused web content, like a corporate website or social media, or whether it’s internal content, like an intranet or wiki, is it ready for a compliance event? And as we often say, a good quality compliance process should take into account the content you’re producing now, but also what’s likely to happen in the future.
So how to respond? Here are the top five tips to prepare corporate web content for a compliance audit:
1. Don’t ignore your web content. Make it a core part of the process because it’s not going away anytime soon. You might think this is an obvious point to make, but you’d be surprised at how many people we come across who either don’t have a plan or who are just hoping the problem will disappear. Make sure web content is part of your process and workflow. You’d probably be surprised at the vast array of content that you should be tracking and managing. Whether it’s a simple request, such as how many times the phrase ‘no interest’ has appeared on your site, or whether it’s the need to check content due to a regulatory rule change or a litigation request, Compliance needs a quick, easy and reliable way to make that happen.
2. You need a method that’s quick because you never know when a request will hit you and every minute counts. If there’s litigation involved, the speed of response can make a difference in cost and risk assessments. And when the regulators are on site, there’s nothing like a quick response.
3. You want it to be easy because it can be easy. There are people who will tell you your website is too complex or that it’s difficult to capture. We don’t agree with them. There are ways to make life difficult, like ignoring the problem or recovering from backups (which relies on a whole series of factors that are outside your control) but it doesn’t have to be. The proper solution can make it easy on you.
4. You want it to be reliable. It may sound obvious, but there’s no point in having a great process that produces a poor result, so it’s worth taking care that you record a forensically sound copy of the web content. There are standards for this kind of thing (see our posts on the ISO 28500 standard), so anything else is just unnecessary risk.
5. Make it future-proof. You need a compliance solution that allows for future-proof collection of corporate web content, whatever the complexity; subsequent play back of collected web content should be identical to the original content and accompanied by a full audit trail to ensure authenticity.
Look for a solution that will integrate with your existing downstream systems and you can rest easy that you’ve integrated web archiving and content into your overall compliance process.
Need more help preparing web content for compliance? Please contact us.