Plutora Blog - Business Intelligence, Digital Transformation, IT Governance, Software Development, Value Stream Management
The Practical Leader’s Guide to Regulatory Compliance
Try as you might, you can’t dodge business regulations. In the first decades of the explosion of tech companies and the internet, regulations were few and far between. That isn’t true anymore. Today, regardless of where your headquarters are located or where you do business, regulations are a fact of life. As a practical leader, you want to make sure that you comply with regulations. You know that meeting regulatory standards is what’s best for both your business and your customers. But you also know that regulations can turn into a big time suck. You want to be careful not to devote excessive time and personnel to keeping your business up to date with the shifting regulatory landscape.
In this post, we’re going to talk about some high-leverage ways that you can optimize regulatory compliance in your business. The goal here isn’t to eliminate all time and money you spend on complying with regulations. That’s impossible. Instead, we’re going to try to maximize the effect your effort provides.
Know Your Regulations
This might seem obvious, but you’d be shocked at how often people try to make decisions based on bad information. Let’s face it: reading through regulatory guidelines is boring. You’re busy. It’s easy to skip critical sections of regulatory documents and still think that you’ve got the whole picture. Needless to say, this is a bad idea. Instead, foster expertise within your organization about what regulations require of your business. Recognize that it’s impossible for any one person to be an expert on all regulatory requirements, and delegate the responsibility of expertise on regulations to multiple people.
The next step is the important part: you need to include those people in decision-making processes, and trust their judgment. Often, regulations require things that might otherwise sound onerous or costly. It’s easy to foster an antagonistic relationship, like it’s the business against PCI-DSS or HIPAA. This is the exact kind of attitude that you want to avoid. There are good reasons for these regulations to be in place, and it’s important that your business work to follow them.
Leverage Your Network
You probably aren’t best friends with each of your competitors. That’s OK, you don’t need to be. But it’s likely that other businesses in your community face some of the same regulatory challenges you do. That’s where you can leverage your network to hear what other people are doing, and how they’re finding success. Sure, the managing director of the web agency from down the road probably doesn’t know as much about your business as you do. But she’s probably got a lot of good insights about GDPR compliance. Learning her thoughts about data retention regulations might be as simple as a conversation over coffee or attending a local meetup.
Automate Your Headaches Away
I’ll admit, this concept is one that hits close to home for me. I got my start in the tech sphere many years ago helping to document regulatory compliance for a pharmaceutical company. Every time we needed to make a change to one of our manufacturing systems, we faced a pile of documentation required by the FDA. I was the person responsible for compiling and verifying that documentation. At any given time, if you’d visited my desk, you would’ve seen towers of three-ring binders coordinating changes big and small. This documentation was important! We were producing medicine that people put inside their bodies, and we needed to ensure that software changes didn’t produce changes in the manufacturing process. But I’ll admit that documenting those changes was exhausting and frustrating.
Thankfully, regulatory technology has come a long way since those days. Today, you can build those checks right into your software deployment pipeline. When I was compiling documentation for change control regulation, it often felt like I was working against the interests of the business. Engineers would be chomping at the bit to ship some new version of our software, and I was the one who was holding those changes back. We couldn’t fully verify that their changes had been thoroughly tested, and the engineers hated spending the time to actually walk through those tests.
Today, platforms like Plutora mean that you can build IT governance right into your continuous integration process. Often, manual compliance processes can take months to complete. Plutora can drop that time to mere hours, speeding up your team and making sure you meet regulatory requirements at the same time. Plutora shifts governance earlier in your development pipeline, allowing your engineers to focus on delivering innovation while ensuring your business is always in compliance.
Train Your Employees
I get it. Nobody likes regulatory compliance training. Businesses don’t like planning them. Employees don’t like taking them. But the reality is that regulatory compliance training is one of the most cost-effective ways you can boost your regulatory compliance. As a business leader, you might be responsible for the company’s overall regulatory compliance. However, you can’t be present for every single transaction an employee undertakes. At some point, you have to delegate some of your responsibility to your employees. That’s when you need them to be thinking about regulatory requirements of the business.
If you’re trying to maximize your return for time spent on regulatory compliance, training is a must. You’ll derive a great deal of value from a training program that makes regulations that affect your business easy to understand. Ideally, your employees should know both what they need to do and when they need to do it, when it comes to regulations. It’s up to you to design the training that imparts that knowledge.
Listen to Those Employees
Too often, training programs are one-way streets. Business leaders design a training, roll it out, and then never think about it again. Everyone is perfectly trained, and they can go about their way, right? Not so fast, my friend. After you roll out a training program, it’s a great idea to spend time meeting with the people your team trained. Sometimes, they’ll have questions about what the training meant, or how it might apply to their work. They’ll often have feedback about ways that you could improve the training for subsequent cohorts.
The best-case scenario is when your employees provide insight into ways that they could become more efficient at their job while meeting regulatory requirements. Your employees don’t want to do extra, tedious work. You don’t want them spending unnecessary time on needless tasks. Encourage your employees to come forward with ideas about how to make regulatory compliance something everyone benefits from.
None of these recommendations are revolutionary. There is no silver bullet to regulatory compliance bliss. Instead, productive regulatory compliance takes thoughtful leadership, knowledge of the environment, and applied knowledge. When regulations roll out or change, it’s very easy to feel like a victim. Someone is coming into your business and telling you how to behave. Nobody likes that feeling. But the reality is that this is something all your competitors need to deal with as well. As a practical leader, your role is to figure out how to leverage the advantages you already possess to work within that new framework. By taking simple, high-leverage steps and understanding the landscape well, you’ll be well positioned to adapt to whatever changes come your way.