Authored by Brian Odian for VikingCloud’s Compliance Elements Series, available on YouTube.

When planning a compliance program, you don’t want to make the mistake of planning separately for each individual standard you want to, or need to, comply with.

For example, a company may have ISO27000 certification requirements coupled with compliance with PCI DSS and GDPR. There would be a great deal of duplicated effort if you treated each requirement as an individual project.

Each standard you want to comply with, or apply to your organisation, must flow up into one overarching compliance program. There are multiple reasons why that will work in your favour. The first is the synergies between standards, which can reduce duplication and effort. This is just a subset of standards across the world that exist today.