Hey there, community! I’m Guy Herbert, Head of IT Risk and Compliance and Atlassian’s resident Hugh Jackman lookalike. I’ve been asked to talk about Atlassian’s new, speedy compliance process, so here I am to break things down.
Let’s start with some truths:
In a world where agile projects are twice as likely to succeed as traditionally managed projects and non-compliance with regulations like the GDPR is already costing companies a pretty penny, it’s pretty clear that both agility and compliance are vital components of business success.
But as anyone who has worked on the IT or compliance side of things knows, speed and compliance don’t often go hand-in-hand. If a process is agile, it’s usually not compliant. If a process is compliant, it’s usually nowhere near agile. So, how do we keep our development processes quick and responsive without sacrificing compliance? How do we manage compliance without creating bottlenecks?
The Atlassian compliance team set out to prove that these two core business best practices aren’t mutually exclusive. And here’s the good news: We succeeded.
In fact, by the time our new process was complete, Atlassian had gone from 3600 audit tests to just one. Teams that used to lose hours upon hours of development time to audits were suddenly freed up to keep working. And our compliance was better than ever.
This series, based on my talk at Summit 2019, will break down our process. But before we do, today I’d like to talk about the difference between compliance and risk management.
Compliance means making sure you do follow the rules and being able to prove it.
Risk is a little more nebulous. It’s the possibility that things will go wrong—and it’s the thing that delivers the upside.
What do we mean? Well, imagine you’re making a decision about where to go for dinner. There’s that chain restaurant that has decent burgers. You know the quality will be pretty consistent. You know you probably won’t get food poisoning (they’ve got a good track record). But you also know it won’t be a wow experience.
On the other hand, there’s that hole-in-the-wall place someone told you about. It doesn’t have the track record. You’ve never been there before. But there’s a possibility that the burgers there will wow you.
That’s risk. Managing risk means weighing those decisions, the upsides and downsides for your business or life.
Any risk and compliance pros here? What would you add? How do you explain the difference to your teams?