Sometimes in life, you have a moment that reframes how you look at your career path. That happened to me at a recent lunch with Sergio Abraham, Innovation Lead at Onapsis. We discussed a wide range of topics surrounding cybersecurity and compliance, and I was left with a resounding thought: “I need to learn more about Onapsis.”
Sergio and I dug deep into various compliance challenges, discussed how businesses handle audits and the role Onapsis plays in the marketplace. We both agreed that, in general, compliance isn’t always viewed as a priority (although it should be). It exists for a specific reason: so companies can protect their customers, employees, partners and investors as well as mitigate business risks. If companies don’t meet these guidelines, the repercussions—typically in the form of financial and/or legal penalties and the associated brand reputation loss—can be significant.
I’ve been leading audit departments for global organizations for more than 10 years, and what I love most is that compliance influences and helps the entire organization. When you support a compliance initiative, you work cross-functionally with many departments, see how they operate and bring that experience back to the compliance team. It drives a deep appreciation for the challenges and opportunities an organization manages every day. And it allows audit and compliance teams to understand how they can best support, secure and meet industry standards for the entire organization.
However, it is imperative that companies acknowledge they may never be fully compliant. There are almost always multiple compliance standards an organization needs to meet, and to be fully compliant all the time would be incredibly burdensome to manage. Many times, after a company completes an audit, it allows momentum to wane, creating an ‘out of sight, out of mind’ issue until the next audit starts.
For this reason, virtually every company is reactive to compliance changes. For success, it’s vital to plan the implementation of new compliance programs (or changes to existing compliance programs due to switches in regulation) in small, easily digestible, bite-sized pieces. Start early and create a steering committee within your business that will own the project and its continued success. Be sure to create recurring meetings and measure progress against deliverables. This is how I approached implementing standards like SOX multiple times, and the end result is often a much smoother experience for all when it goes live and an ability to sustain the program over time.
Going back to my lunchtime conversation with Sergio, what intrigued me so much is how this high-growth cybersecurity company, Onapsis, delivers an invaluable tool that not only helps simplify compliance but also protects sensitive business information.
Compliance within business-critical applications, which is what The Onapsis Platform supports, is different from general compliance. I mean, these are the core business process hubs of global organizations—it’s where customer, sales, financial, product, services, employee information and trade secrets live. Most organizations don’t think about their business-critical applications in this way—they just rely on them to work without a second thought. That is, until they realize what the disruption of these applications means to both their organization and stakeholders.
No matter what the cause of disruption, whether internal, external, security or compliance-related, companies need to have a plan to identify the problem, fix it and understand how to reduce the risk of it happening. With the right strategy and tools in place, organizations can feel at peace with their business-critical application protection while meeting a range of compliance regulations.
That’s the opportunity that excites me the most at Onapsis. There is a crystal-clear connection between cybersecurity and compliance that isn’t talked about or acknowledged enough. There needs to be explicit guidance and more precise expectations for companies to manage risk, meet compliance standards, and bolster organizational security. By joining Onapsis, I get to be part of a story of a company that is rewriting how we look at compliance, how we think about risk, and even how we execute audits. Who wouldn’t want to have that opportunity?