Managing multiple frameworks can feel daunting, but a unified approach can streamline the process and reduce the redundancy of overlapping controls. In a recent webinar, Baker Tilly cybersecurity specialists discussed the intricacies of managing multiple frameworks for effective compliance management.
As with all effective compliance management, success begins at the outset. Challenges in navigating multiple frameworks must be addressed before embarking on an assessment; one of the first points of action is to determine whether your organization can successfully align several, sometimes conflicting, sets of requirements on its own, or whether resource constraints necessitate professional assistance.
Challenges of multiple compliance frameworks
These challenges often lead to confusion and inefficiency. Individual frameworks may overlap or impose conflicting requirements, making it difficult for your organization to align its compliance efforts effectively. For example, the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) take different positions on data retention: GDPR emphasizes minimizing how long data is retained, while HIPAA mandates retaining certain records for extended periods. Conflicting requirements like these illustrate why it is difficult for organizations to develop a single, unified data retention policy. Additionally, vendors or customers may impose their own, sometimes conflicting, compliance standards, further complicating the alignment of compliance efforts.
Managing regulatory risks requires significant investment in time, money and personnel. Many compliance teams still rely on costly manual processes, which can be a major resource constraint. The regulatory environment is constantly evolving, with frequent updates and new regulations emerging. For instance, in 2023 alone, nearly 40 U.S. states and Puerto Rico introduced 350 consumer privacy bills, according to the National Conference of State Legislatures (NCSL).
Senior management must be involved in integrating the risk management strategy with the organization’s strategic goals. Without solid stakeholder buy-in, it becomes challenging to align these strategies effectively. Where organizations manage similar requirements separately for each framework, overlapping requirements lead to duplicated effort, which is inefficient and burdensome for compliance teams.