The world of Security Compliance and GRC is always shifting and accelerating. As the tempo of investments, deals, M&As, and intros into new markets/verticals increases, companies need to move fast and adopt and implement the necessary Compliance requirements and frameworks just as quickly.
That's why talking about up-and-coming trends is always a bit of a gamble in this frenetic environment. What was trending yesterday may no longer be relevant today due to a host of factors. But here at anecdotes, we love a good challenge (and, perhaps even more so, we love a great story – hence the name, anecdotes). So at the end of 2021, we set out to interview various Compliance experts regarding the trends they see as being the most important and potentially impactful in the upcoming year or so.
A lot of topics were covered: the move to integrated risk management, the accelerated shifting-left of compliance in the business development processes, the need for ever-more-robust unified controls frameworks, and other intriguing forecasts. While all of these trends are indeed making an impact (boo-yah!), we noted one connective thread, one underlying fabric that all trends had in common:
They relied on the use of objective data.
In this post, we will explore the power that comes with leveraging objective data to create a standardized approach to Compliance.
Today, across every industry (from retail, to healthcare, to yes, Compliance and beyond), there’s a growing awareness that data, specifically objective data pulled directly from the original sources, is a major element in knowing, and accurately conveying, what is taking place behind the scenes and beyond the claims. Objective data is now a key element in maintaining trust with customers and building solid relationships with partners.
But the world of Compliance has long relied on, well, pretty much anything but objective data. Manual methods of collecting evidence, like screenshots, spreadsheets, and binary test results, can only help companies produce a hazy view of their Compliance posture at best. This approach doesn’t tell a full or 100% accurate tale of what’s taking place.
The use of normalized and structured data collected from all applications in use across a company can provide a full, comprehensive picture regarding the actual Compliance posture and potential maturity trajectory. Objective data has the power to express the true story behind the scenes and gives companies a far more accurate observability tool. With data pulled directly from their own tech stack, companies get a crystal-clear picture of what is taking place – immediately, with no concealing filters, assumptions, or delays.
Okay, but how does the use of objective data make such an impact on the standardization of Compliance?
Consider the following situation: Company A has acquired Company B; each company has its own set of manual tools it is used to working with — Excel sheets, Google Sheets, Notepad, whatever. Imagine what this means from a Compliance point of view: now the Compliance team needs to review lots of different types of data in formats they’re unfamiliar with, which is hugely time- and resource-consuming.
To overcome this, companies are starting to use data-oriented definitions. With definitions rooted in data, all parties have the same building blocks to create nearly 100% alignment, even though each has its own tech stack and the data that comes with it. By replacing the focus on format — screenshots and Excel sheets — with standardized data-oriented definitions, achieving alignment is not only feasible, it can be nearly entirely automated.
This eliminates the need for loads of manual labor and saves Compliance teams lots of tears and frustration. The standardization of data enables teams to create personalized Compliance approaches, as now all parties have the same building blocks despite differences in tech stack and tooling. This is the power of data-oriented Compliance. As we have already seen, businesses will continue to harness the power of data to create alignment, even in activities like risk management.
Four months in, our trend predictions have so far been on the mark: data continues to prove to be a game changer when it comes to standardizing Compliance. When done properly, and with an eye towards increasing a company's maturity, standardization of data can decrease ambiguity and guesswork, guarantee quality, and boost productivity.