There has always been a perceived tension between compliance (strings) and sales (helium). It is hard enough to get off the ground and run a profitable, successful business in 2022 without being hamstrung by compliance. This sort of overhead expense not related to the direct pursuit of business should be dealt with carefully and sparingly unless it does impact the direct pursuit of business.
Trust - Risk
Obviously, there is some impact. Compliance does exist for a reason. Trust is key to customer-vendor relationships and all relationships in general. Someone needs to guide the balloon down the street so it can reach its destination without crashing into buildings and causing unknown damage (Governance - internally enforced). In addition, to create a safe environment for the onlooklers and participants rules and standards need to be created and enforced. e.g. Use this many strings and people and follow the parade route (Compliance - external enforcement from police or organizers).
Ok, but how much compliance is really necessary?
Whatever is required - external requirements
How much Governance is required?
Enough governance is required to satisfy external compliance requirements within a certain threshold of risk.
Shrink One Side of the Trade to Zero - Dreaming
This amount can depend on the industry and the individual company’s feelings towards risk. How can we even measure and understand this risk without compliance to assess the risk? We can’t. Heisenberg's uncertainty at its best. So, let’s look at and understand the risk at minimal cost. This means fewer resources and less of their time, making a strong argument for automation. Compliance must be automated. So, they say…
But this is merely the starting point. A perfect system could collect the necessary evidence to ensure that best practices are being followed with only correct configurations being used, enforcing policy and making sure nothing has changed. SOC 2, HIPAA, and ISO reports would be produced each year at the push of a button and would contain a complete understanding of risk. This system would be deployed at the push of a button and deliver value in minutes, not months. The compliant toy company could sell its blue plush bison to the same trusting customers for years. But what if they wanted to sell purple cows to these or other customers? Time to set up the new automations.
End of the Dream - Reality Sets In - Compromise - Win
Seems what we really need are automations and easy ways to set them up, especially if we are going to push out new bovine pets on a more regular basis. Looking back, the goal was to minimize cost and automation was only a method.
ComplianceCow provides efficient workflows to establish automation, orchestration, and collaboration for continuous compliance monitoring. It goes beyond automation to create efficient control. Busy work is eliminated and redundant work is consolidated. Deploy policy or multiple policies on the same evidence-collection engine to drive cross-policy consolidation.
Learn more about automation, collaboration and orchestration.