By Grant Elliott, CEO, Ostendio
Twitter: @ostendio
In nearly every conversation I have with a compliance officer, what I hear is the need for more time to do all that the job entails. So, if you’re feeling more reactive and tactical than strategic these days, you’re not alone.
Today’s compliance officers face an ever-mounting challenge to keep up with both the complexities and the “administrivia” required for realizing ongoing privacy and information security compliance. With cyber threats at the forefront of every risk management discussion, you’re likely being called upon to help the CTO with cybersecurity planning and incident mitigation, too. And management often considers simply hiring you to be the solution, without appreciating that you, too, need tools and resources to be effective.
As a modern compliance officer, you’re likely finding a spotlight trained on you. Your expertise and insight are more valuable than ever, but it’s hard to finesse strategic focus when day-to-day details clamor for attention. However, even if you can’t take back all your time, maybe – just maybe – you can change how it’s allocated.
6 Ideas for Tipping Time in Your Favor
- Be part of your organization’s strategic planning. Compliance activities, privacy, and information security are – or should be – an inextricable part of business operations. Do your best to facilitate a “yes”, but also learn how to effectively say no. If you say no, and explain the law or risks involved in your decision, people are much more understanding of the decision made.
- Become a trusted source for process improvement. Privacy and security policies and procedures can and should be intertwined in daily business processes. By becoming strategically aligned with different departments, and understanding the motivation of the business, you will find yourself in a position where you can efficiently and effectively tie security and privacy policies into day-to-day business procedures.
- Work closely with the CTO on information management and cybersecurity protocols. Your goals are naturally aligned, and that alignment can help assure successful administrative, physical and technical information security.
- Create a grassroots compliance movement. Weave cybersecurity awareness and privacy and security messaging into all workforce training and professional development curricula, employee communications and company meeting agendas. MyVCM sends a weekly email to everyone on the platform to let them know their weekly compliance score, benchmarking them against their peers, and gamifying the compliance process. Again, you can start to create a culture of compliance by making it a part of day-to-day business proceedings.
- Make technology work for you. Spreadsheet lists and calendar reminders are all very good, but an overall compliance management tool that helps you not only assign but monitor action tasks, protocols, training requirements and documentation will streamline cybersecurity and information management.
- Data will set you free. Not literally – but by measuring everything you will be able to justify the need for additional resources and budget without having to resort to scaremongering. You can’t manage what you can’t measure. Simply tracking the volume of required activity can be enlightening.
Traditionally, compliance officers are subject matter experts, pulled into everything from an OCR HIPAA Audit to a SOC 2 Audit. With the continued increase of government rules and regulations, compliance officers are, now more than ever, essential to successful strategic growth. If you’ve found yourself in an ever-expanding role with hectic day-to-day activity stifling your effectiveness, perhaps now is the ideal time to think about using technology to help.
This article was originally published on Ostendio and is republished here with permission.