The value of compliance is often questioned by senior executives who perceive it as an obligatory tick-box exercise that rewards little and lacks investment from the board. Achieving standards such as PCI DSS compliance involves a mountain of effort, tying up valuable resources. But the conventional audit-centric approach to compliance leads to compliance levels dropping off in between annual audits. This puts the business at risk, leads to fines for non-compliance, and also undermines the value of such standards. The elements of change can be summarised as the three Cs of compliance continuous, collaboration and control-centric.”]
Source: https://informationsecuritybuzz.com/news/raising-profile-compliance-3-cs-success/