List five common work functions for the proper management of regulatory compliance listed in the EBK.

What will be an ideal response?


1. Establish and administer a risk-based enterprise information security program that addresses applicable standards, procedures, directives, policies, regulations, and laws (statutes)
2. Define the enterprise information security compliance program
3. Coordinate and provide liaison with staffs that are responsible for information security compliance, licensing and registration, and data security surveillance
4. Identify and stay current on all external laws, regulations, standards, and best practices applicable to the organization
5. Identify major enterprise risk factors (product, compliance, and operational) and coordinate the application of information security strategies, plans, policies, and procedures to reduce regulatory risk
6. Maintain relationships with all regulatory information security organizations and appropriate industry groups, forums, and stakeholders
7. Keep informed on pending information security changes, trends, and best practices by participating in collaborative settings
8. Acquire the necessary resources to support an effective information security compliance program
9. Establish an enterprise information security compliance performance measures program
10. Ensure that appropriate changes and improvement actions are implemented as required

Computer Science & Information Technology

You might also like to view...

In the accompanying illustration, item D shows which step in the podcasting process?

A. When you create the content
B. When you save the content
C. Where you save the content
D. When you download the content

Which protocol is responsible for addressing and routing packets to their destination?

a. IP
b. POP
c. SMTP
d. TCP

A file created in ____ is called a document and has a .docx extension.

A. Word
B. Excel
C. Publisher
D. PowerPoint

Determining which method to call at runtime based on which object invokes the method describes ____.

A. abstraction
B. virtual method calls
C. dynamic binding
D. encapsulation