Whether it is PCI-DSS, ISO 27001, or any other compliance requirement, it is becoming clearer every day that transforming compliance functions to work remotely, smoothly, and securely is a necessity that will continue to exist even after COVID-19. While this will be difficult for some business functions, others can overcome the challenges and even work better in remote mode.
While compliance and auditing have always needed physical presence of some sort, performing the main function itself does not. Consulting companies were working in this direction even before the COVID-19 lockdown. While some had created good platforms for exchanging documents and following up on progress, it is very important to look at the process end-to-end to guarantee security, collaboration between stakeholders, follow-up on project tasks, and reporting at different levels.
Security of Communication:
Communication is a major part of any audit and compliance project. Meetings, emails, chats, and file exchange are all methods of communication that take place during any project. While many solutions exist for each of those items, it is critical that those methods be highly secure and effective. Audit and compliance projects process a great deal of sensitive information. The information exchanged may also contain business secrets and detailed procedures that should be confidential.
Communication methods should be secure and also effective enough that they do not require a complex hygiene process after projects are closed. If documents are saved securely on the cloud solution, they should not be shared via email or saved on desktops. Rather, all collaboration should happen in the same place as much as possible. This is not only more effective, it also helps with cleaning up sensitive information later, after the retention period.
Collaboration on different levels of stakeholders:
Does the platform enable different stakeholders to collaborate securely and work together on different parts of the project? This is a critical question, as most compliance projects are delayed due to miscommunication or poor collaboration between different departments. Having a single platform that shows all progress made and all pending tasks gives management an eagle-eye view and enables it to make the right decisions.
Follow up:
Follow-up is not only about reminding teams of deadlines and monitoring progress. It is also about having a clear picture, early enough, of where the project might get stuck or delayed, so that different options can be considered.
Promptly solving issues that may arise, and addressing early the risks that different teams may raise, is a key success factor for any project. The audit platform used should enable all stakeholders and consultants to see and address those issues and risks swiftly.
While each project has a set of standard reports that all types of stakeholders require, such as progress, issues, and risks, the platform used should be flexible enough to generate customized reports that address specific matters. Some compliance projects may encounter a major required change in business flow that constitutes a separate project in itself. In such a case, the reporting platform used should be customizable for different situations to enable teams to understand and deliver accordingly.
In conclusion, the consulting company should consider all aspects of compliance, audit, and certification projects to come up with an integrated and effective platform for working remotely. It is also the responsibility of customers and stakeholders to force the consultant to use those platforms and to ask the right questions.
While a lot of consulting companies have come out with such customized platforms, it should be clear that cloud compliance platforms should not be only about requirement standards and supplying evidence. They should be integrated, secure platforms that support collaboration and communication by all means required.