Your organization has a certain way of running your compliance management process, and introducing a new compliance management tool will require thoughtful planning. When you purchase a new solution to streamline your compliance engagements, you’ll inherently be introducing a measure of disruption to your existing system.
That’s fine — it just means you need to be purposeful about how you implement the new technology and train people to use it.
TCT has worked alongside organizations since 2013 to help them successfully implement their new compliance management systems into their operational processes. We have a proven process that streamlines your transitional time to the bare minimum. Here’s a look at some of the most critical best practices we follow when working with our customers.
Before You Implement a New Compliance Tool
Consider how your organization functions and how that will translate into the new tool. Several adjustments will need to be made, simply by virtue of the fact that you’re converting from one system to another new one.
Approach the implementation with an openness to necessary changes. An open attitude will allow you to take advantage of the capabilities of the new system that your previous one didn’t offer.
How much ROI will YOU get from TCT Portal?
Plug in the numbers and see!
Make Use of the Compliance Tool’s Tech Support
Don’t be shy about taking advantage of the expertise that’s available to you from the solution provider. The more you understand about the software’s features and functions, the more you’ll be able to configure it to meet your needs.
Get to know the features and capabilities that will help you get the most out of your new compliance management system. Ask your provider for recommendations that will make the most sense for your company. After all, they’re motivated to ensure you have the best experience possible with their system, know the system best, and can take advantage of the learning experience of previous migrations to help make yours successful!
Depending on the compliance tool you’ve chosen, you may have a lot of customization capabilities that can fit your organization’s workflow. It will be important to know which ones to configure and which ones to turn off.
TCT is very fortunate to have a great team of folks who handle the operational support and implementation of TCT Portal. Existing clients have seen (and commented on) the speedy response they receive. We aren’t the type of organization that sends you an email just to say we’ve received your email. Instead, we provide expedient resolution to support requests — typically within hours.
If you don’t see a feature that you want, ask about it. We often have those features available to turn on for your implementation. And if we don’t, we can build them into one of our upcoming functional releases. Since 2015, TCT has been integrating customer requests into our product updates — and we often get them included in a near term release.
Prep Work for the Software Implementation
Make sure the folks who are most involved with compliance management are the ones who are most central to the implementation process.
Be prepared to provision certain information to your provider. For example:
- Which of your personnel will be involved in the implementation?
- What will your approach be for the various certifications that you have?
- How do you want to go about initially configuring assignments to personnel?
Spend time getting everything configured properly in the new compliance tool. Plan out ahead of time how you want it set up.
Case study: How One Company Managed Their PCI Certification in Record Time
Conduct Detailed Testing Before Rollout
It’s a lot easier to catch needed tweaks to the implementation in the initial testing and validation phase. Configure your new compliance management system during the implementation phase and deploy a couple of sample tracks to do dry walkthroughs. These sample tracks let you play out various scenarios while involving various personnel roles in the workflow.
For example, spin up a provisioning evidence track. As you build out the track and go through your dry runs, ask several questions, such as:
- Do you want to have a step for reviewing the evidence before it moves up to the next person in the workflow?
- Are all of your third-parties integrated into the workflow at the right time?
- Can everyone access what they need to access?
- What did we forget to plan for?
Consider special use cases that may be unique to your organization. Do some dry runs to make sure the new system is properly configured for those scenarios.
If you have multiple certifications that you’re going up against, ensure that the system is
appropriately mapping evidence into the right destination. For example, if you’re going up against PCI DSS as well as ISO 27001, verify that the network diagram gets populated in the right spot in the PCI track as well as the ISO track. You want the system to do the work for you, to take advantage of all the efficiencies you can build into your compliance process.
Once you’ve thoroughly vetted the process, you’re staged well to smoothly operate the system in a live compliance engagement, without an onerous process.
Train Your Compliance Personnel
Once validation and any modifications are done, start orchestrating your training. Organize your training by groups — for example, if you have personnel and vendors who are provisioning evidence, put them all in the Provisioning Evidence training group.
Show each group how to use the system, keeping the training relevant to their particular role. Walk through all the tasks and activities they’ll need to complete within the compliance management system.
Train everyone who will be using the new tool, including internal employees, vendors, third-party partners, Consultants, and Assessors.
Pro tip: It’s tempting to train everyone right away, as soon as the new compliance system is implemented. But many of your personnel won’t use the system for a couple months or longer. By the time they need to start working in the compliance tool, they will have forgotten most of their training. Instead, train each group of people just before they need to start using your new compliance management system, so they can get the greatest benefit from their training.
Featured eBook
The Rock Solid Business Case for Compliance Management Software
Discover How to Get a “Yes” from CFOs That Love to Say “No”
Conduct a Post-Mortem
As you come to the end of your first compliance cycle with the new tool, conduct a post-mortem. Gather inputs and feedback from your team, soliciting process improvements and other needed adjustments to make for the next compliance cycle.
Additionally, look ahead to the coming year for any upcoming business requirements which would need to be integrated into the upcoming compliance cycle, such as an acquisition or a new compliance standard to integrate.
Gathering these inputs from your team is especially helpful while it’s still fresh in everyone’s mind. It allows your organization to incorporate these modifications into your next compliance cycle. Often we’ll see organizations making less modifications in future years, but it typically takes several full compliance cycles to dial in your program in a way that works best for your organization.
How Long Should Software Implementation Take?
How long should you expect software implementation to take? For many systems, you can expect implementation to take several months — sometimes as long as a year. However, TCT Portal is typically up and running for a company anywhere from a few days to a couple of weeks.
Need a system that’s easy to implement and makes compliance management suck less? Don’t make a purchase until you’ve talked with our team. We’ll help you determine for yourself if TCT Portal is right for your organization.
Get your
personalized demo
See what TCT Portal can do for your organization
