Compliance and the rules

Compliance: Liberation through rules

Let's consider the case of Zylker Corporation, a software provider that started out a few years ago. Zylker, in spite of being a startup, has caught the eye of many due to its expansion from five employees to 500 in a matter of a few years. Its revenue has increased multifold, and people look up to Zylker now as a symbol of growth and dynamic work culture.

One of the main reasons why startups like Zylker disrupt business is their culture of freedom and flexibility. These traits help them survive in the market because they are able to adapt to change effectively and efficiently. This culture has obviously worked, as an increasing number of Zylker-like companies have cropped up over the past few years.

When Zylker’s flexible culture is met with the obligation of compliance, it unsurprisingly faces some resistance. Its culture of freedom, where employees can get things done in their own way, suddenly needs to introduce rules like:

  • Every time you want to hire a new employee, do a thorough background check.
  • Every time you want to access your own data center, follow a rigorous identity verification process.
  • Every time you want to work with a new vendor, do a comprehensive risk assessment.
  • Every time you want a customer to sign in to your application using a new device, ensure they use multi-factor authentication.
  • Every time you want to add a field that could contain sensitive information to a form, use encryption.

A typical Zylker employee might see every single rule like the ones above as a hindrance or even a sign of oppression. If you were a member of upper management at Zylker, you might even believe that these rules will curb your employees' freedom and delay their progress.

But compliance is actually a form of liberation through rules.

  • If you do a background check, you will never have to worry about a crucial resource's integrity.
  • If you make strict access controls a habit, you will not have to look beyond your own organization for the source of a data breach.
  • If you have a strict vendor onboarding procedure, you can confidently tell your customers that their data is safe even when it is not with you.
  • If you make multi-factor authentication a default setting, you can deal with imposters more efficiently.
  • If you use encryption, your customers will feel a lot more secure even when your systems are breached.

The liberation that compliance brings helps you move forward in business with confidence and authority. Accepting this is the key to establishing compliance within the roots of your organization.

Compliance and the need for process control

Fundamentally, compliance is just a set of rules. But is that all there is to it? We’d argue compliance is much more than that. It is also:

  • An assertion, a reassurance that your process is working the way it should and is achieving its objectives.
  • A much-needed brake for your company. Imagine what would happen if your organization didn’t have any brakes—you’d have to keep a modest pace to avoid running into obstacles or endangering those around you.
  • A permanent reality check to remind you that your processes must always be worked on.
  • Above all else, an entry ticket: something that your customers use to let you be a part of their business.

More than being a rule, compliance is a platform that literally raises your standards. Your efforts towards compliance will improve your process control. When everything goes according to plan, the process seems to be in control. But, in reality, things can get out of hand. When you comply with these rules, you increase your chances of getting the process back under control as smoothly and quickly as possible.

When you are compliant, you can confidently propel your business forward, and your compliance will answer most of the questions asked of you.

Should you drastically change?

When you introduce these rules, you are bound to think there is a huge change coming your way. But the change is just in how things are done and not what is done. The rules in the previous section are minor modifications and enhancements to the processes that your business already has in place.

There is a good chance that you already have what most of the laws demand.

The changes required for organizations to become compliant are far from drastic, but they require a higher level of understanding and a new approach to processes.

ZOHO STORY

Did Zoho drastically and quickly make a number of changes to its processes? The answer is a big no. Just like any successful organization, we already had our process controls—the ones required to run the company smoothly and efficiently. Thanks to ISO certifications, we got a taste of international standards. However, we still had our work cut out to adapt to a new wave of compliance with the rising number of international laws and standards.

How did we adapt? We realized the value of what we already had. After gaining a thorough understanding of the controls required by the GDPR and other laws we needed to comply with, we built those controls on top of the ones we already had. The result? The changes we needed to make were smooth, simple, and gradual.

Compliance does not ask you to redo everything and wreak havoc. It simply asks you to review your processes, add controls, and strengthen those controls to lift your organization to international standards.

And that's exactly what we did.
