57NETWORK

How I Learned to Stop Worrying and Love Compliance

11/13/2017

Early in my career, I saw compliance as a tax on moving quickly that a small, growing engineering team couldn’t afford. I’m still not a hardcore compliance guy, but I have come to see the value of building compliance into a product early.

Engineering teams need to work differently to meet requirements around compliance. If you put the right things in place early on, the technical debt imposed by compliance is not very significant, whereas if you have to play catch up later, you’ll have a lot of work to do at the expense of other things you could accomplish.

The Cost of Delaying Compliance

Some argue that companies shouldn’t focus on compliance right away, that a team building out a new product should focus on security. I believe compliance and security should go hand in hand or teams will find themselves in a place where they have to back engineer the whole thing - a huge cost in terms of time.

At Microsoft, the Bing platform was built with security in mind and not compliance. This worked okay, but made it so the massive investment made in the technology couldn’t easily be reused for Microsoft Office. The power of a search engine for email, documents, and other corporate data is incredibly important, but the technology didn’t meet the compliance requirements. Even some of the most basic infrastructure, such as the content delivery network (CDN) I worked on, was not reusable, because the compliance controls were not in place. It was a two-year effort to get compliance in after the fact.

When I worked at Edgecast (a CDN that was acquired by Verizon), we were packaging our software to be able to deploy it onto the network of telecommunications companies. We had to change all of our production authentication, rebuild our build systems, and redesign our organization. For a small company with fewer than 250 employees at the time, this was a huge tax to pay.

Compliance as an Asset, Not a Tax

How did I, as an engineer, learn the importance of building in compliance? I spent five years working at Experian after they acquired my startup. As soon as we started working together, they educated us on how to think about how we engineered our systems. Taking advantage of the massive experience that a credit bureau puts on compliance made me realize that for Experian, compliance was an asset, not a tax.

Given the huge lift required by engineering teams to build in compliance after the fact, I came to appreciate the significant difference it makes if you decide to set up the process up front. I am convinced that is a good way to begin building an app. If you build in compliance early, it’s a much smaller burden on your team, especially when you’re talking about operations systems.

If you are new to the compliance game, spend some time learning how to build an audit trail that is easily accessible, figuring out how to separate duties between two people so a developer isn’t touching their own code in production, documenting how data enters and leaves your system, and cataloging the security controls you are building. Many compliance controls are about the processes you have put in place to manage security and handle data. Learning the basics when you are architecting your system could save you a lot of headache in the long run.

As Standards Change, We Can Comply

Here at Smartsheet, we’re undergoing the process of becoming compliant for the new European standard under the General Data Protection Regulation (GDPR). Since Smartsheet was built with security and compliance in mind, this new standard doesn’t require my team to implement new operational procedures, nor does it add additional overhead for us.
In our case, our challenges are less around the efforts to become compliant and more about answering questions, determining how we state in contracts that we’re compliant, and ensuring that people understand how to request the controls provided by the compliance standard.

When compliance is built in from the beginning, rather than as an afterthought, meeting new compliance standards isn’t a huge burden. We’re all set up to demonstrate how our security meets a specific set of security requirements, even as standards change.

Source: Smartsheet Blog