How to Untangle a Regulatory Compliance Mess – InformationWeek

When regulatory compliance gets messy, it’s up to the CIO to fix the situation or face dire consequences. Here’s how to straighten things out easily and quickly.
June 27, 2025
Today's businesses are evolving rapidly, which puts CIOs at the center of adopting new technologies, dealing with security threats, and adapting to changing social responsibility guidelines. Yet no matter the industry or company size, every enterprise must adhere to specific regulations, and successful regulatory compliance means meeting each of those requirements. Failure to do so can lead to heavy fines and/or sanctions.
Keeping pace with compliance mandates imposed by national, regional, and local regulatory agencies, as well as by industry bodies, is emerging as a major CIO challenge. The sheer number of compliance bodies and regulations, and their rapidly changing nature, make it easy for a once well-structured compliance program to become a mess. The result can be punishing fines and penalties, with the CIO sitting in the hot seat.
Maintaining constant attention and oversight are the best ways to keep compliance mandates from spiraling out of control, says Trevor Young, chief product officer at cybersecurity firm Security Compass. "When a compliance issue suddenly appears, take a step back and do a full-scale review," he advises in an online interview. 
Young stresses the importance of bringing the right people to the table — legal, security, IT, operations — in order to obtain a clear picture of which regulations apply to your organization and where you're falling short. "Once you know what you're dealing with, create a plan that prioritizes the biggest risks first," he recommends. Don't try to fix everything at once. "Tackle what could hurt the business most — quickly and clearly." 
Young notes messy compliance can be costly in several ways. Regulators don't wait forever, and costs can mount quickly. "If it drags on, you're opening the door to fines, lawsuits, bad press, and even worse — security breaches," he warns. Additionally, once customer trust is lost, it's very hard to win it back. "The longer the mess goes unresolved, the bigger the risk." 
While CIOs are often active stakeholders in many compliance initiatives, they're not solely responsible, observes Chris Reffkin, chief security and risk officer at cybersecurity company Fortra. "CIOs should be engaged with peer leaders to understand how they will work together to address whatever compliance issues may be specific to their particular organization," he says in an email interview. 
Reffkin believes that it's important to maintain a positive attitude. "Compliance is compliance, and you simply need to navigate it," he says. Reffkin recommends leading through problem solving. "When discussing decisions, responses, and general coordination among the cross-functional team, ensure that all internal stakeholders have representation." 
Make compliance part of the company’s everyday rhythm, Young advises. "Use tools to automate checks, bake them into development and deployment pipelines, and keep the training fresh," he says. "Most important, shift the mindset — this isn’t just about avoiding penalties; it's about building trust and resilience." 
Compliance shouldn’t be viewed as a burden, Young says. "Done right, it can actually create a competitive advantage," he explains. He believes that companies that handle compliance well tend to have stronger systems, gain more trust from customers, and encounter fewer surprises down the road. "It's not just about checking boxes — it's about raising the bar," he concludes. 
Rick Kenney, CIO at systems integrator Myriad360, recalls the time when he was promoted from IT lead to CIO. "Almost overnight, I found myself fielding client security questionnaires, hunting down attestation documents that didn’t yet exist, and working with legal to negotiate terms in client MSAs (master service agreements)," he says in an online interview. "It was a crash course in a side of IT I hadn't seen before and, as I quickly learned, much of it was shaped by national and state regulations." 
Suddenly finding himself responsible for governance, risk, and compliance duties, Kenney knew he had a lot to learn. "Thankfully, I had the support of great mentors and leaders at Myriad360, who created a culture where I felt safe asking for help." 
Myriad360 also retained an outside consultant to serve as Kenney's compliance mentor. "Having access to an outside expert has been indispensable," Kenney says. He notes that the mentor gave him the freedom to ask questions, understand his company's regulatory obligations, and create a plan, all without feeling that one wrong move could cost him his job.
"Regulatory compliance didn't feel overwhelming once I had the right framework," Kenney says. "It felt like work I already knew how to do," he explains. "The trick was shifting the mindset from 'this is a minefield' to 'this is another initiative that needs to be executed well.'"
John Edwards
Technology Journalist & Author
John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.