Over the last couple of weeks we have been busy with compliance-related assessments, with COVID “office-readiness” quickly followed by annual ISO27001 re-certification.
Aside from the bitter-sweet feeling of being able to do some of it from the garden, it was business as usual. A reminder of the painful but necessary process of continuous assessment.
Challenges of certification
Risk Compliance involves, broadly speaking, three challenges:
- Definition of the controls framework against which the assessment is to be conducted, the realm of process designers;
- Providing the necessary evidence to satisfy the control points, the calvary of the auditee;
- Organising and consolidating the results for meaningful reporting, easy reference and periodic repetition, the responsibility of the reviewer.
Size matters
In small organisations, the tools required to achieve the above rarely go beyond the word document or spreadsheet and a few designated directories to securely store the work-in-progress and archive the results.
In large, distributed organisations, however, as the same process needs to be repeated across multiple locations and business units, the number of people and volumes of information involved call for more robust technology:
- a centralised system with delegated information collection;
- separate access to data depending on role: for auditees to submit what’s required and reviewers to provide feedback, evaluate risks, request follow-ups;
- flexibility in configuring controls frameworks so that different types of assessments may be supported (ISO, GDPR, ITIL, COVID…) or the same type of assessments adjusted over time;
- full audit trail of changes;
- instant, smart access to data, e.g.: a vertical cut, on a specific control point, across all the assessments; effortless progress verification.
LiveDataset: a platform born for this
At LiveDataset, our mission is to help distributed teams to own, augment and act upon key business data.
The process of running Risk Assessments in large organisations hits all the sweet spots of our data collaboration platform: many contributors in many locations, the need to make the most of the information already available, the desire to consolidate, for maximum efficiency and accountability, all the compliance work into one integrated process.
Call to action
Are your data collection and consolidation processes, compliance or operations-related, in need of an overhaul? Contact us today!