Why should you care about compliance? Tim, who helped develop the SaaS application Polygon, joins us this week to discuss compliance for engineers and why it matters. Polygon is shaping the future of policy processing management by helping MSPs streamline the policy process.
To understand why you should care about compliance, it helps to know what compliance actually is. Essentially, it is adhering to a standard. In the technology world, Risk Management Frameworks (RMFs) serve as the compliance standards to adhere to. You could compare compliance to quality control, or to the referee of cybersecurity. This “referee” guides you through the rules that you and the client should follow in order to avoid the consequences of breaking them.
Tim explained that when he starts with compliance, he always tells his MSPs to take care of the people first: people, process, technology. However, hiring people who know the compliance frameworks, the controls, and so on can be hard. Thankfully, there are resources out there that can help, such as peer groups that help you understand the complex world of compliance, or the Center for Internet Security (CIS) framework.
Compliance is also about intent. Ask yourself this: Is your compliance goal to check the box, or is it to produce a quality product? If you’re just trying to check the box, there may be consequences that follow.
I ask my kid to sweep the floor, and they take the broom out, do one sweep across the kitchen floor, and call it good – after all, they “technically” did sweep the floor. They checked the box. However, the floor is still dirty with dust and dog hair, which ultimately causes the family members with allergies to suffer. It’s the same thing with compliance in the technology world. If your intent is to simply check the box, your client is not going to experience the benefits of a quality job.
Let’s also talk about why compliance needs to be in place. Have you noticed that we talk about when the breach happens, not if the breach happens? Compliance will help you prepare for when a breach hits your company. When that happens, your insurance company or the investigators helping you get through the breach will first ask what you have in place for people, process, and documentation. Training on the policy is also extremely important to ensure that your company is following the compliance measures that have been put in place. We are starting to see more and more industries needing this documentation, but they’re also following a process for that documentation. MSPs are doing this already, though many are struggling with the policy piece. That’s where Polygon steps in to fill that gap.
Next week, we will talk about how to actually run a compliance program and how you can drive your business with it. If you’re an MSP and you do this successfully – not just check the box – it will drive revenue and increase projects. Plus, you and your client will be happier doing it.
You can also listen to our podcast on Spotify and Apple Podcasts. Please follow us on your favorite medium for more great advice.