Series: How to prioritize compliance (without losing development speed), Part 1

Hey there, community! I’m Guy Herbert, Head of IT Risk and Compliance and Atlassian’s resident Hugh Jackman lookalike. I’ve been asked to talk about Atlassian’s new, speedy compliance process, so here I am to break things down.

Let’s start with some truths:

In a world where agile projects are twice as likely to succeed as traditionally managed projects and non-compliance with regulations like the GDPR is already costing companies a pretty penny, it’s pretty clear that both agility and compliance are vital components of business success.

But as anyone who has worked on the IT or compliance side of things knows, speed and compliance don’t often go hand-in-hand. If a process is agile, it’s usually not compliant. If a process is compliant, it’s usually nowhere near agile. So, how do we keep our development processes quick and responsive without sacrificing compliance? How do we manage compliance without creating bottlenecks?

The Atlassian compliance team set out to prove that these two core business best practices aren’t mutually exclusive. And here’s the good news: We succeeded.

In fact, by the time our new process was complete, Atlassian had gone from 3600 audit tests to just one. Teams that used to lose hours upon hours of development time to audits were suddenly freed up to keep working. And our compliance was better than ever.

This series, based on my talk at Summit 2019, will break down our process. But before we do, today I’d like to talk about the difference between compliance and risk management.

Compliance is being able to show that you follow the rules.

This means making sure you do follow the rules and being able to prove it.

Risk management is balancing upsides and downsides.

Risk is a little more nebulous. It’s the possibility that things will go wrong—and it’s the thing that delivers the upside.

What do we mean? Well, imagine you’re making a decision about where to go for dinner. There’s that chain restaurant that has decent burgers. You know the quality will be pretty consistent. You know you probably won’t get food poisoning (they’ve got a good track record). But you also know it won’t be a wow experience.

On the other hand, there’s that hole-in-the-wall place someone told you about. It doesn’t have the track record. You’ve never been there before. But there’s a possibility that the burgers there will wow you.

That’s risk. Managing risk means weighing those decisions, the upsides and downsides for your business or life.

Any risk and compliance pros here? What would you add? How do you explain the difference to your teams?

1 comment

Iago Docando Community Leader May 30, 2019

Not much more to add so far... I agree with the premises established in this part 1 and I'm already eagerly waiting on part 2. Hopefully you'll expand a bit on the 'how' you freed those development teams from the tyranny of the audit tests without losing the compliance aspect of your processes.

In any case, congratulations on that achievement.
