Presented by Laika
Compliance is the foundation organizations need to grow organically, build trust with customers and partners and increase the bottom line. In this VB On-Demand event, learn how to get started on your compliance journey – and turn it into a competitive advantage.
“Any compliance effort, regardless of the certification, is not a compliance department issue or an HR issue or an engineering issue — it’s going to be a company issue,” said JP Higgins, head of business operations at Trellis, during a recent VB On-Demand webinar event.
Higgins sat down with Cristina Bartolacci, strategic compliance architect at Laika, to discuss why compliance is critical for organizations today — not just as a way to mitigate risk, but as a competitive differentiator and a foundation for growth. Compliance is about ensuring a company is up-to-date in any certification process, improving security posture and setting up the organization to move forward as it matures.
“Compliance is actually operational excellence,” Higgins explained. “These are not random things that the government or some sort of department is trying to get organizations to do because they think it’s going to make their lives harder.”
Compliance is an ongoing, living process, he also noted. It requires some heavy lifting from various stakeholders across the organization when the process kicks off, but it’s not a one-and-done effort. And it’s essential that the entire organization not only understands that, but understands the goals of a compliance effort, what the business value is, and most importantly, what is going to be expected from them.
“It’s critical to marshal the resources from multiple different departments,” Higgins said. “For us as a startup, there’s nobody sitting around not doing work, right? Getting room on the road map for any type of compliance-related activity means you’re going to be competing with multiple other priorities.”
Senior leadership messaging around how critical compliance is, and marshaling resources to the cause, are very important, or else it’s going to be a very difficult, painful process, particularly the first time through, he said.
“I’ve seen programs stall or lose progress or momentum if you don’t have the C-level buy-in or management level buy-in,” Bartolacci agreed. “It really does determine the tone around such a critical component of growing and scaling a business.”
“The most successful companies are the ones that have this mindset,” Bartolacci added. “The ongoing maintenance is huge, but especially for first-time builders of compliance programs or security posture. You really do need to make sure that it’s very top of the ladder, all the way to the very bottom. Everybody is going to be involved, in some capacity, in making sure that the program runs like a well-oiled machine, because it can’t fall on just one person to get the company-wide objective across the board.”
Once the mission and the value of the program are sold to the organization as a management objective, the best technical place to begin is with a foundation of policy, she said. Policies will outline everything from your information security policy, which governs change management processes, all the way down to people organization, to the more technical side, such as software development life cycles, data classification and sensitivity. From there, procedures are how to implement those policies, and controls are the individual action items that comprise those procedures and greater policies.
“If you move your mindset from compliance being something that’s being added onto your organization, to something that’s enhancing the operational excellence of the organization, then it becomes a lot more palatable,” Higgins said. “All of the controls and the policies start to make a lot more sense, because you realize that it’s actually enhancing the company. It’s allowing the company to grow and scale in a safe way.”
For the full conversation, including insights into key best practices and procedures, the technology essential for a seamless compliance strategy right from the start and more, don’t miss this VB On-Demand event!
- Demystifying policies, standards, and controls in a company’s compliance journey
- Things to consider when establishing a compliance program
- Overcoming the roadblocks to attestation and certification success
- Filling the gaps and tackling the hardest controls and policies to implement
- Insights gained from real-world “wish I had known this when I started” moments
- JP Higgins, Head of Business Operations, Trellis
- Cristina Bartolacci, Strategic Compliance Architect, Laika
- Chris J. Preimesberger, Moderator, VentureBeat