Compliance is a dragon because it’s a monstrously huge endeavor to gain control of. And the reason it’s so huge is because hundreds of inefficiencies have crept in, bloating it to a beastly size. Processes, tools and people have tangled together to create a monster out of a mouse. Perhaps a really big mouse, but you get the point.
This is the fifth step in our series on taking control of compliance management in 2019. Just now joining the conversation? Check out the rest of the series:
- Survey the landscape of your compliance certification requirements
- Evaluate your vendors and auditors
- Build your budget
- Choose the best compliance tools
- Streamline compliance management (this post)
- Recruit your compliance team
- Train your people
- Automate ongoing compliance tasks
If you want to gain control of your compliance management, you’ll do it by eliminating the built-in inefficiencies that make it such a beast. The previous steps in the journey have led up to this one. Here, you’ll cut off the dragon’s legs and bring it down to a manageable size.
Map Certification Synergies
In Step 1 of the journey, you identified all the certifications you’re going for. At the time, it might have felt a bit overwhelming to think about all the requirements you have to fulfill. Individually, it could be thousands of items. Good news: you’re about to cut down a huge percentage of those requirements. Here’s how.
Most of your certifications will require you to have an information security policy. If you’re subject to six different certifications, for example, do you need to track that exact same requirement six different times? Not if you’re doing it right.
You can greatly reduce your time and energy by mapping out all the overlapping synergies between certifications. There’s no need to supply evidence for the same requirements multiple times, but most organizations are doing just that. It’s a huge time waster, and it makes that compliance dragon more terrifying.
Gain efficiencies and cut down on repetitive work. Take the time to understand the relationships between your compliance standards and streamline them for operational efficiency. Pick one compliance standard as your primary one—the standard that’s most prescriptive—and identify which of its requirements overlap with your other standards. For many companies, that primary certification is PCI. By taking the time to map out the synergies between your certifications, you will reduce a huge chunk of your inefficiencies—perhaps as much as 50 percent.
Next, find the requirements in your secondary certifications that don’t fall under the umbrella of the primary one. Identify which of those map to each other. Maybe you cover another 20 percent of your requirements. Now, instead of a couple thousand individual requirements to take care of, you’ve only got 800, for an efficiency savings of 70 percent! That’s just an example, and everyone’s situation is different—it depends on what your certifications are, but you get the point.
By mapping synergies and knocking out multiple requirements with one piece of evidence, you’ll go a long way towards slaying that compliance dragon.
Streamline Your Processes
You can also become more efficient by revamping your compliance process. Thousands of companies are bogged down by their compliance management—they’re herding cats, chasing down stray files and constantly rechecking their progress in the hopes that nothing slipped through the cracks (and at some point, it did).
The biggest change you can make to streamline your compliance management is to standardize your evidence submission process. All your evidence should be submitted to one location only, and through one method only. That means no more submissions through email, voicemail, file sharing, text messaging, Dropbox, Google Drive, meeting minutes or hand delivery.
Instead, make evidence collection consistent. It should come through one delivery method only. And the person collecting it should store it all in the same location. That consistency will eliminate countless hours of submission, hunting down missing files, communication and miscommunication, and constant status update meetings.
The best way to streamline your processes is by automating them with TCT Portal. Just by implementing TCT Portal, you get a complete, streamlined compliance management process that reduces your man-hours by as much as 68 percent. Everything from accountability reminders, to consolidated communication, to standardized evidence submission and storage location are built into the portal. Tracking and status updates are automagically available in real time.
Besides your own internal processes, there’s also your assessor’s. Your choice of auditor is critical for your process, because every auditor has their own type of process—some are very black-and-white in their approach, some consider the essence of your efforts and others that fall somewhere in between. Likewise, some assessors just care about checking the box, while others are thorough and methodical.
You want to work with someone whose process fits well with your own. If you’re a company that truly cares about security and compliance, then your decisions about your allies take on a much greater meaning.
It’s especially helpful to hire an assessment firm that also leverages TCT Portal. That way, you can dramatically streamline your overall engagement with everyone, because you’re connected to the same platform for clear, concise communication. Most importantly, remember that your licensing of the TCT Portal means that you retain control of the repository of your compliance information. If you switch assessors, your repository sticks with you and doesn’t require rebuilding.
Sharpen Your Tools
This came up in the last article, but it bears repeating. Using the right tools will greatly reduce your inefficiencies and streamline your compliance management. If you choose whatever tool is nearby, that’s like using a wrench to do a hammer’s job. But that’s exactly what most companies do when they select their process management tools.
Applications like Excel, Word, PowerPoint and text editors are intended to be managed by an individual. So some poor soul needs to be The One to make updates to those files. But what happens when two people are making updates to the same spreadsheet? You’re blitzing each other’s updates, saving over each other’s changes, and adding more confusion and time to your work—all as a result of using those tools. The tools themselves are part of the problem.
Go deeper: The Danger of Using Spreadsheets to Track Compliance
You need a solution that can facilitate multi-tenancy and track all of the updates and status changes without working against your efforts. TCT Portal lets you ditch all of your clunky spreadsheets, documents, multiple storage locations and convoluted flow charts that you’re currently using to manage and track your compliance efforts.
The portal was built specifically for compliance by folks that breathe the compliance space just like you do. There are no wonky workarounds, no square pegs to cram into round holes. It’s an elegant solution that seamlessly works with your compliance management activities.
Invest in Your People
Your people are the most important key to cutting inefficiencies in your compliance process. No matter how strong your processes or how helpful your tools are, it depends on your people to cut the inefficiencies in your compliance management.
If you’re going to slay the compliance dragon, you’ll need to have the right people on your team. Hiring and retaining those people are important enough to call out separately. We’ll get into that in the next article. Stay tuned!
Like what you’re reading? Subscribe to the TCT blog and get game-changing content delivered to your inbox each week! Enter your email in the form at the bottom of the page.