There is no denying that we have entered a new zeitgeist with strategic compliance. Organizations have been thrust into thinking about how to securely enable the productivity of a remote workforce. This is an opportunity for organizations to completely rethink their approach to compliance.
A Gartner, Inc. survey of 317 CFOs and Finance leaders on March 30, 2020, revealed that 74% will move at least 5% of their previously on-site workforce to permanently remote positions post-COVID 19.* Now is the time for IT leaders to transform their organizations with strategic compliance. Centralize, consolidate and standardize audits to save time and money.
How many customer audits are performed every year? How much time is spent preparing for audits? How do these requests for compliance impact other operations? Is it possible for an organization to standardize policies and procedures to automatically satisfy customer requests? How can an organization plan to maintain continuous compliance? These are the questions that organizations must consider when making the transformation to strategic compliance.
A-LIGN proposes a four-step process to guide organizations toward strategic compliance:
1. Enlist the assistance of the C-Suite and other business stakeholders to determine which security certifications are in highest demand; coordinate with sales and marketing teams for further insight into customer needs. Set goals and objectives with each stakeholder for each framework and establish the impact of each audit across all lines of business before beginning work. Design a survey or leverage a technology-enabled service provider that can help prepare for the audit process.
2. Establish internal ownership for certification and audit preparation; educate subject matter experts on audit requirements. Partner with technology-enabled service providers to automate manual data collection efforts. Perform a gap analysis of security controls against certification requirements to identify shortcomings.
3. Consolidate audit service providers with a single vendor and consolidate requirements into a single annual audit. Determine which data is in-scope for each audit, and identify which systems contain that information. Inventory and assess structured and unstructured data across databases and applications.
4. Work with an audit team to provide a detailed assessment of compliance, including technical, process and legal requirements. Define a strategy for achieving compliance, including recommended controls. Improve past processes based on current findings. Present to internal stakeholders and executives.
Elevate to Strategic Compliance
Technology has a critical role to play in achieving strategic compliance. The goals of centralization, standardization and consolidation can be enhanced with technology – but it is important to be intentional in how this technology is selected. For example, an organization that is using spreadsheets and email to conduct an audit may realize how much easier a governance, risk and compliance (GRC) management solution would make its compliance program, but even a GRC solution has the potential to introduce friction if it takes extra work to share evidence with an assessor.
A-SCEND 2.0 is an end-to-end compliance management solution purpose-built for assessment and designed for the end-user with minimal jargon and maximum performance. The tool used to collect evidence is the same tool used to conduct audits.
A-SCEND saves time and money by centralizing evidence collection, standardizing compliance requests and consolidating the audit process. Team members can collaborate on work, managers gain visibility into key metrics and anyone can feel comfortable approaching the audit process. A tool like this greatly accelerates the shift to strategic compliance.
*Gartner Press Release, “Gartner CFO Survey Reveals 74% Intend to Shift Some Employees to Remote Work Permanently,” 3 April 2020. https://www.gartner.com/en/newsroom/press-releases/2020-04-03-gartner-cfo-surey-reveals-74-percent-of-organizations-to-shift-some-employees-to-remote-work-permanently2