Compliance processes in the enterprise have always been siloed. The compliance team or outside consultants running compliance processes normally have a 10,000 foot view. They can usually list the moving parts as a series of checkboxes in a spreadsheet or some type of compliance software. This leads to top-down compliance processes that require a lot of repetitive, manual work by compliance leaders to track all the moving parts. Multiple teams have to participate in compliance, including HR, IT, and Legal. For this reason, top-down and siloed compliance processes are inefficient, expensive and error-prone.
Some of our smarter clients are flipping the script and leveraging their IT asset management (ITAM) platforms to streamline compliance and improve compliance collaboration. This might seem odd but IT is the touchstone for a majority of modern compliance processes because it is the chokepoint and control for both access and information. Here’s a quick primer on how they do it.
Step 1. Define Your Compliance Process
Write down all the steps necessary to run your compliance process and identify who is responsible for securing compliance. This lays out a roadmap of jobs to be done.
Step 2. Map Compliance Process to IT Resources
Every IT resource is part of a compliance process. This includes mobile devices, laptops, software, SaaS and cloud infrastructure. The status, ownership and location of each of these resources is best stored and tracked in an integrated ITAM system with auto-discovery.
Step 3. Create Role-Based Dashboards To Track IT Compliance Processes
Give every player in the compliance process a way to easily view and track their tasks based on the ITAM status of resources required for compliance. Modern integrated ITAM should have a full-featured API to export status information into other dashboarding tools. Alternatively, an inline dashboarding capability can make it easy for IT teams to create dashboards based on specific roles to validate compliance. Compliance validation can be added as another feature field that is shared across HRIS, employee directory (ActiveX or G Suite) or other commonly used tools for managing IT usage and privileges. So, for example, the HR team could have an ITAM dashboard showing which employee had not yet turned on 2FA in all their SaaS tools or hard drive encryption on their laptop. IT, compliance, legal and HR might each have a different view depending on what information they need to understand their compliance tasks.
Step 4. Integrate Compliance Processes and Workflows from ITAM into Other Collaboration Tools
If your ITAM is easily extensible and has an open API that the ITAM vendor allows you to access and build upon, then IT teams can integrate workflows into the compliance process that enhance collaboration through notifications and messages in widely used channels. For example, when an employee activates 2FA on a device or when a password is changed on a system, the ITAM can detect this change and send a Slack notification to the IT Team while also updating the employee’s checklist in the organization’s HRIS systems (like Workday). Ideally, these workflows should be easy to configure without developer resources.
This is just an outline of how Smart ITAM can make it easier to collaborate on compliance processes. By enhancing visibility, communication and processes, an integrated ITAM can remove some of the coordination burden of the compliance team and automate parts of the process that formerly involved manual updates. This will mean not only less time spent on tasks that no one really enjoys but also fewer errors and more repeatable processes. In turn, this means better organizational compliance – starting from the touchstone of all compliance processes, the ITAM.