Any leader reading this has probably had the following experience: there is a meeting room with a long mahogany table. At this table sit the C-suite, the VP of Marketing, the VP of Sales, the CIO, and various board members. In this room, things happen. Difficult choices are made, decisions for the future are made.
What kinds of decisions are made?
Decisions regarding new vertical markets to enter, new business sectors to undertake and new ideal customer profiles (ICP) to approach. All the parties present are there to reflect together and imagine the best way to approach these new elements. The VP Marketing wants to ensure that they have the best go-to-market strategy to enter these new verticals, regions, lines of business and so on. The VP Sales wants to make sure there is enough interest and potential use cases. The C-suite cares about ROI, and so on.
Each party must ensure that its path into this uncharted territory is laid out on solid ground. It means establishing that they have the resources to make this business a success, at least in terms of their own service and their own responsibilities.
What about security compliance?
It’s probably no big shock that one department omitted from the exclusive invite list is security compliance. Security compliance, the function responsible for ensuring that companies comply with external (and sometimes internal) security frameworks and regulations, is generally not a priority when it comes to making priority decisions about the future of the business. In fact, compliance is more often seen as a hurdle to work around, a set of troublesome activities to tackle as easily as possible.
It’s definitely not a necessary voice to be heard when considering new opportunities – or is it?
As companies move from small startups to scale-ups and hyper-growth (hopefully, anyway), they start to seize new opportunities. New markets become applicable and new product lines become relevant. While it is clear that certain key stakeholders need to be heard and their concerns taken into account, failure to address compliance concerns until the very last moment exposes an organization to risk and disappointment.
Why is compliance important?
In a world where reputation and customer trust are key facets of growth, ensuring they remain intact is paramount. Adhering well to compliance requirements is an organization’s ticket to demonstrating a deep commitment to meeting, and continually improving on, the standards it claims to hold when it comes to protecting its own data and that of its customers.
But that’s just one reason why compliance should be a priority.
Equally important, compliance done right can serve as a powerful business accelerator – and when not addressed from the early stages, it can become a business blocker.
Imagine that decision makers at the top have determined that there is a strong interest and need for their service/product in a new geo, Australia perhaps. But to do business in this new region, this organization must adhere to local security compliance standards. How long will it take for this company to comply with the Essential Eight – Australian Signals Directorate (ASD) Country Framework, Prudential Standard CPS 234 or one of the other applicable standards? Not understanding how easily (or not) applicable frameworks can be met can actually be a game-changer for companies expecting to move quickly into new regions.
Another example: a company that manufactures microchips has just determined that it wants to sell to the medical device industry. Do they have to be HIPAA compliant? What about HITRUST? How long will it take them to reach these standards if they are indeed relevant? And, if the gap is too wide, how will that impact the decision to go ahead with this potential line of business?
In some cases, senior management and the board might even abandon business plans if the price to meet compliance standards, and then stay compliant, is going to be higher than the expected value for that business. For example, while the choice to go public or not may seem like a no-brainer, to do so, Sarbanes-Oxley (SOX) must be followed. And in reality, meeting SOX requirements is extremely complex, time-consuming and resource-intensive. If the company is too far from being able to meet the requirements, it could simply delay its IPO.
Whether consciously or not, when a business embraces new opportunities, it also, as a by-product, makes the decision to adopt new frameworks and often new regulations. These new compliance audits come with new controls, processes and requirements. Thus, it is now an integrated decision, and organizations need to know what resources will be required to adapt to this new segment and how their existing program can be optimized so that they can enter new markets, verticals and industries with less friction.
This is why compliance MUST be linked to business decisions and why it is so essential that it has a place at the table. Whether a company wants to enter a region, a business sector or an industry, security compliance is the route by which this becomes accessible. And this can only be accomplished by always ensuring that the compliance program is optimized to meet any new business opportunity.
With compliance as a key part of the decision-making process, businesses can operate faster, while protecting brand reputation and building customer trust. And it’s a voice that’s incredibly worth hearing – and listening to – at this table.
This article originally appeared on entrepreneur.com. March 31, 2022