Welcome back. In this final chapter of my compliance series (based on my Summit 2019 talk), let’s talk about Atlassian’s results and the final step in this process (selling your new compliance process to auditors).
And if you’re wondering “what series?” here are links to the other parts:
So, what did this all our process changes mean for Atlassian’s speed and compliance?
First, our new process reduced 3600 audit tests down to one. Because compliance is ensured at every stage of the process, all auditors have to do is a single check. That means a simpler process for auditors, and it means a lot less time required from the teams doing the work during the audit.
Second, because the process is automated, we can now push more stuff through our pipeline quickly. There isn’t a person or board causing a bottleneck. We still have our checks and balances, but most of the heavy lifting is done by the tools themselves—and they’re much faster at checking, storing, and signing off on everything.
Finally, this process is more accurate and compliant. It significantly reduces the possibility of human error. Machines are a lot less likely to put something in the wrong environment or implement the wrong artifact than a human is.
If you’re sold on the benefits of revisiting, simplifying, and automating your own compliance processes, the next step is to get your auditors on board. And the key to that is treating those meetings as a sales process.
You have to help them understand how it will all maintain compliance standards and why it’s a benefit—not a burden. This means getting really clear on what they care about and what their concerns are and making sure you have clear, compelling answers.
Which is one of the reasons we recommend starting with strategy and mapping out all your obligations up front.
The better you know your obligations and the objectives and activities that follow from them, the better positioned you’ll be to answer questions and sell your new process confidently.
Have you gone through similar process shifts? What is your experience with developing a new process and then selling auditors on it? Any tips for getting auditors on board?
Hello Compliance fans! I wanted to jump in this group to introduce a brand new Community group that our Atlassian Security team started. The Trust and Security group is a space to share inform...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events