It doesn’t really sound like the start of a joke, right? The fact is that the punchline of this one isn’t funny and is being felt in organisations throughout the country. In the case of the compliance officer it was because he had to. At least the chicken did it because she wanted to get to the other side!
Compliance has been seen as the holy grail for vendors for years. You will not find a credible vendor slide deck without the requisite compliance slide detailing all manner of compliance to their version of events. This is made all the more clear to you as a lovely table demonstrates which boxes are ticked. And there it is, the tick box. Designed primarily to release the budget.
It might seem that I am not a big fan of compliance. I am. I think that standards are necessary and often essential. The work that is required to develop and publish compliance standards is commendable. What concerns me the most is the number of roads we need to cross, the sheer volume of compliance requirements and the fact that vendors are so focussed on pushing their ‘compliant’ values.
John Colley at (ISC)2 recently blogged (and I repeat the paragraph in its entirety since it is so good): “A new report released by (ISC)2 based on responses from more than 1,600 c-level executives globally, highlights this paradox; the senior C-suite is aware of the security threats, but because they are so busy reacting to the organisational and compliance requirements of the business, they are unable to spend the time to put adequate measures in place to effectively tackle the security issue.”
And that is where we are; we are too busy getting compliant to actually take any benefit from the security objectives behind compliance. Too often a compliance project is seen as the finishing line rather than the starting block. We have to look at business benefit or workflow and efficiency objectives within compliance. If companies fail to see the benefits of being compliant then we will continue to see the majority waiting until deadlines to start, ticking boxes to finish and failing to see value throughout.
Take a step back, take a deep breath, look both ways, look again and cross that road, not because you have no choice but because you want to get to the other side!