Justifying Compliance Tools Before a Breach Occurs


Breaches, be they accidental, careless, or malicious, are an inevitability for most companies. Depending on the industry, the consequences could range from something as minor as a little public embarrassment to hefty fines, lawsuits, expensive remediation actions, and loss of customer confidence (and, with that, business).

The question is, how can compliance use this to its advantage and get a share of the security budget before something happens?

What I hear most often in my travels is: “Never let a good incident go to waste.” This means that if you need funding, you leverage the misfortunes of others (or incidents within your own company) to secure it. This has been incredibly successful in companies I’ve worked with or consulted for in the past, but it is probably not the best strategy as you are working off a negative event.

Another approach that has seen some success, though I can’t endorse it, is the “sky is falling” tactic. I’ve sat in on those “if we don’t invest in a compliance tool, we’ll face astronomical fines” meetings. While this fear-based strategy might get initial attention from executives, it often backfires. Once you’ve secured the funding, proving ROI becomes an uphill battle, and you’ll inevitably be asked to justify the investment.

Start Small, Scale Smart

The most effective way to secure funding is to bake it into a broader strategic plan. Start with a small, manageable investment and gradually demonstrate how the right product streamlines workflows while ensuring compliance. This approach makes it easier to gain approval and builds a strong case for future investments as the benefits become increasingly apparent.

When evaluating a plan, it is key to establish a strong foundation before investing in a tool to support your compliance efforts. This foundation begins with well-defined corporate policies that clearly outline your expectations for business teams in terms of how they will ensure compliance with the relevant rules, regulations, and laws.

Once expectations have been set, focus on educating company leaders, managers, and supervisors. Have them develop and communicate their plans for adjusting workflows to ensure compliance. This approach will help you integrate compliance into daily operations.

This is your first step towards getting funding.

Avoiding the Profitability Drain

Once the teams have established their workflows, it’s essential to audit them for compliance. Inevitably, these workflows will rely on non-invasive methods to keep productivity up, particularly in the absence of a support tool, which can create gaps in meeting compliance requirements.

Partner with the business teams in reviewing products like Fortra and have them champion how a product that helps classify and manage customer data will speed up workflows. You are more likely to gain buy-in when the positive message comes from multiple voices beyond the compliance team. Involving business teams responsible for executing compliant workflows is far more effective than relying solely on compliance individuals or teams advocating, “A good tool will help us be more productive.”

Everything is a balance in the workplace; you need to adhere to rules and regulations, but if you do so in a way that impacts productivity, it will drain profitability.

That is your key; focusing on profitability and team performance is your ROI. If a manual process to maintain compliance allows your customer support team to process eight customers per hour per agent, but a tool lets them process 20 customers per hour, that is good money spent.

A Perfect Example

I worked with a pharmaceutical team that dealt with highly regulated medications (opioids), and each team member, with the process they had, could process eight prescriptions per hour. As you can guess, with such a sensitive topic, there were strict processing standards and procedures to ensure approvals/denials were correctly handled.

After reviewing their process, we determined a tool like Fortra’s Data Classification Suite (DCS) could speed up per-person performance while adhering to the required standards. We worked together to design a new workflow with the new tool, and after two months, they reported a per-person performance improvement to 14 prescriptions. When being audited, they simply pushed a button that produced an audit report (whereas in the past, audits took weeks of work).

That business leader then became the loudest proponent of the tool in company town halls, blog posts, and messages on company chat boards. Expanding the program then became easy for the compliance team.

Are all stories that perfect? Unfortunately not. This is one of the success stories we all try to emulate, but they are rarely that smooth. In this case, we found a great team within the company willing to try something different for a very important and sensitive process that was heavily regulated (the regulations had regulations).

Look for Opportunities

As I travel the country and meet people at trade shows and conventions, I’ve heard other success stories like this one. Keep at it, look for opportunities, and partner with your business teams.

Once you do, come up with a plan, implement manual workflows, and measure productivity, then find that team willing to try something better and have them be your champion.

When looking for a tool to help manage all that sensitive data, make sure you try Fortra’s Data Classification Suite (DCS). It is easily the most flexible tool on the market, allowing you to meet the needs of the regulatory body that oversees your business in a way that makes it easy for a person to understand what they are working with, while baking in checks and balances in the background.


