Compliance

A Seat at the Table - Why Compliance Needs to be a Top Priority (if You Want to Grow, That is)

Yair Kuznitsov
May 4, 2022

Any leader reading this has likely had the following experience; There’s a board room with a long mahogany table. At this table sits the C-suite, VP Marketing, VP Sales, the CIO, and assorted board members. In this room, things are happening. Tough choices are being hashed out, decisions for the future are being made.

What types of decisions are being made?

Decisions regarding new verticals to enter, new lines of business to undertake, and new ideal customer profiles (ICPs) to approach. All parties in attendance are there to put their heads together and devise the best way to approach these new elements; The VP Marketing wants to make sure they have the best go-to-market strategy to enter these new verticals/regions/line of business, etc. The VP Sales wants to ensure that there is enough interest and potential use-cases. The C-Suite cares about the ROI, and so on.

Each party must ensure that their pathway for entry into this uncharted territory is carved on solid ground. This means establishing that they have the resources needed to ensure this endeavor is a success, at least as far as their own department and responsibilities are concerned.

What About Security Compliance?

It probably comes as no great shock, one department omitted from the exclusive invite list is Security Compliance. Security Compliance, the function tasked with ensuring companies adhere to external (and sometimes internal) security frameworks and regulations, isn't usually top of mind when it comes to making high-priority decisions regarding the future of the company. In fact, Compliance is more often seen as a hurdle to be bypassed, a collection of bothersome activities to be addressed as effortlessly as possible.

It’s definitely not a necessary voice to be heard when contemplating new opportunities – Or is it?

As companies grow from small startups to scale-ups and hyper-growth (hopefully, anyway) they begin to take on new opportunities. New markets become applicable and new product lines become relevant. While it’s clear that certain key stakeholders must have a say and their concerns must be taken into account, failing to address Compliance concerns until the very last moments leaves an organization open to risk and disappointment.

Why is Compliance Important?

In a world where reputation and customer trust are key facets of growth, ensuring they remain pristine is everything. Optimally adhering to Compliance is an organization’s ticket to demonstrating a deep commitment to upholding, and ever-improving upon, the standards they claim to, when it comes to protecting their own data and that of their customers.

But that’s just one reason Compliance should be a priority.

Just as importantly, Compliance done right can serve as a powerful business accelerant – and when it’s not taken into consideration from the initial stages, it can become a business blocker.

How so?

Imagine that the decision-makers at the top have determined that there is a strong interest and need for their service/product in a new gio, Australia perhaps. But to do business in this new region, that organization needs to adhere to the local Security Compliance standards. How long will it take for this business to meet the country’s Essential Eight - Australian Signals Directorate (ASD) framework, the Prudential Standard CPS 234, or any of the other applicable standards? Failing to understand how easily (or not easily) the applicable frameworks can be met can actually be a game-changer for businesses that expect to move into new regions quickly.

Another example; A company that manufactures microchips has just determined that they want to sell to the medical device industry. Do they need to be HIPAA compliant? What about HITRUST? How long will it take for them to reach these standards if they are indeed relevant? And, if they are too far off, how will that impact the decision to move forward with this potential line of business?

In some cases, senior management and the board of directors might even give up on business plans if the price for meeting compliance standards, and then staying compliant, is going to be higher than the value that this business is provisioned to be. For example, while the choice of whether or not to go public might sound like a no-brainer, in order to do so, Sarbanes Oxley (SOX) must be met. And in reality, meeting the requirements of SOX is highly complex and incredibly time- and resource-consuming; If the company is too far away from being able to fulfill the requirements, they might just delay their IPO.

Whether consciously or not, when a company takes on new opportunities, as a byproduct of that undertaking, they also create a decision to take on new frameworks and often, new regulations. Along with these new Compliance audits come new controls, processes, and requirements. Thus, it’s now an embedded decision and organizations must know what resources it will take to fit this new segment and how their existing program can be optimized so that they can enter new markets/verticals/lines of business with reduced friction.

This is why Compliance MUST be connected to business decisions and why it’s so critical that it has a seat at the table. Whether a company wants to enter into a region, line of business, or industry, Security Compliance is the pathway via which this becomes accessible. And this can only be accomplished by always making sure the Compliance program is optimized to meet any new business opportunities.  

With Compliance as a key element of the decision-making process, companies can run faster, while protecting brand reputation and solidifying customer trust. And that’s a voice that is incredibly worthy of being heard – and listened to – at that table.

This article originally appeared on enrteprenuer.com. on March 31, 2022

Yair Kuznitsov
Tech geek who appreciates and enjoys a good piece of code, Co-Founder and CEO of anecdotes.

Our latest news

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Non eget pharetra nibh mi, neque, purus.