There’s nothing like a smooth, efficient, chaos-free client engagement. Unfortunately, there’s also rarely a smooth, efficient, chaos-free client engagement. For a successful compliance assessment, you have two teams with two different cultures that need to integrate as one. When you’re not on the same page, it generates friction that throws off your compliance assessment.

Your job as a QSA is to help your PCI clients successfully navigate their objectives, get on the same page, and work with you as a single team. Here are five tips for improving your client relationships for more efficient assessment engagements — and a more enjoyable partnership.

1) Second-Guess Your Communication

Just because you’re relaying information to your PCI client, that doesn’t mean you’re communicating well. It’s easy to forget that your clients don’t have your knowledge or experience, and you may need to communicate with them like you’re explaining a firewall to your grandmother. Don’t use jargon they won’t understand, and always explain the why as well as the what.

Consider the best method of communication. Email and texting may be convenient, but that doesn’t mean they’re best. Email doesn’t communicate non-verbal messages, which can lead to misunderstandings. You also can’t have real-time conversations that let you get on the same page quickly. Depending on the situation, you may need to get on the phone or schedule an in-person meeting instead of sending a text or email.

Electronic communication is great for:

  • Giving succinct directions
  • Sharing clear information and data
  • Providing brief status updates
  • Ensuring there’s a record of your communication
  • Directing someone to an online source for more information

Email and texting are bad for:

  • Extremely important or sensitive messages
  • Delivering long or complex information
  • Communicating emotional content
  • Extended conversations that have multiple threads

Be a good listener. Ask clarifying questions, and seek to understand them. The more you know about your client, the better you’ll work together, as a team.

Most importantly, always encourage questions. Better to nip something in the bud before it becomes an issue.

2) Be an Educator, Not Just an Assessor

Your work with PCI clients will be much more successful if you take the time to educate them on certain basics. For example, make your expectations for clients clear from the start — before the contract is signed. Let them know what they’re in for, and keep an eye out for bumps in the road that might be approaching.

Your clients may be new to the PCI compliance realm — and even if they aren’t, they may still see it as a mysterious black box. They don’t understand how it works, and they have no clue what they need to provide to you. They may not express it, but they have basic questions:

  • What will the assessment process be like?
  • How many days will it take?
  • What kinds of questions will be asked?
  • What will you be looking for, and why?
  • What happens if a problem is found?
  • Is my job in jeopardy?
  • What is the final deliverable?
  • Who should I contact if I have questions?

Take some time to explain your own processes, as well as the certification process. Make it easy for them to find clear explanations of each requirement, and what kind of evidence passes muster (and what doesn’t). The more they understand, the easier it will be to work with them.

3) Build Relationships

Successful assessment firms understand that their clients aren’t organizations, but real people. When you’re trying to stay on schedule and under budget, it’s easy to become myopic and focus only on getting those tasks completed. When you drop the relational aspects of your engagement for the sake of efficiency, you’re in danger of throwing sand in the gears.

Compliance assessments are highly relational. Your clients are letting you look under the hood, and you’re exposing their failures. It’s a tense period for your points of contact, because their professional reputations are on the line. Their own client relationships may be on the line as well. And chances are, a few people at the organization think their jobs are on the line.

That kind of stress, and the time constraints on the engagement, can strain the process and erode your productivity. The entire engagement becomes more onerous and sluggish.

Take the time to build relationships with your clients. Ask about their families, engage in small talk, show a sense of humor. Get to know them as individuals, and let them see you as a real person too. You’ll tear down walls and reduce any friction in the engagement. As a result, your client will give more of themselves to the tasks at hand, you’ll work more efficiently together, and you’ll enjoy the engagement more.

4) Be Proactive

If you’ve been an assessor for long, you can spot trouble before it comes. You know early on when your client is hiding something, or if they’re going to be high-maintenance. You can tell when their lack of compliance experience is going to mean extra work for you.

Don’t wait for the trouble to come to you. Be proactive and nip the problems in the bud. Remind your clients what their role is and what your role is, and keep them accountable for their end of the deal. They’ll be glad if you stop problems before they start.

Be proactive in your firm, as well. Keep an eye out for opportunities for improvements, and turn lessons learned into enhancements in your processes and procedures. Approach your engagements with an eye on continual improvement—otherwise, you’ll keep hitting the same problems.

5) Be Easy to Work With

Sometimes you’ve got to be firm with your clients, but it’s also important to be flexible whenever possible. You’re working as a team, which means there’s got to be some give and take. The easier you are to work with, the more your clients will cooperate with you as a result.

Some best practices to follow:

  • Leave your ego at the door. It’s easy to become offended by a simple miscommunication—especially over email or text. Rather than jumping to conclusions, assume the best about your client. And remember, you’re there to serve them—don’t slip into a demand-centered mindset.
  • Be flexible to their needs. Sometimes your client will be bound by their own processes, communication protocols, and legacy systems. They may not always be able to deliver what you need, when you need it, how you need it. This is a team sport—be as flexible as possible to make it a mutually enjoyable engagement while meeting the essence of the requirement in question.
  • Use helpful technology. Automate as much as you can, and use a system that streamlines your work with clients. TCT Portal is gaining a reputation for clarifying requirements and maximizing communications between QSAs and their clients.

Build a Winning Team

Not every engagement will involve an ideal client. But if you initiate these five steps, you can avoid a lot of the drama and chaos that characterize many compliance assessments.

TCT is your partner to help streamline client engagements. We’ve been on both sides of the compliance process, and we have years of consulting experience under our belt. We can deliver real business value to your assessment firm. Start a conversation with us to discover how we can strengthen your company.