
Series: How to prioritize compliance (without losing development speed), part 4

Welcome back. In this final chapter of my compliance series (based on my Summit 2019 talk), let’s talk about Atlassian’s results and the final step in this process (selling your new compliance process to auditors).

And if you’re wondering “what series?” here are links to the other parts:

Part 1: The difference between compliance and risk management

Part 2: Planning for compliance

Part 3: Atlassian’s new compliance process

Can compliance and agility live in harmony? (The verdict: Absolutely.)

So, what did all our process changes mean for Atlassian’s speed and compliance?

First, our new process reduced 3600 audit tests down to one. Because compliance is ensured at every stage of the process, all auditors have to do is a single check. That means a simpler process for auditors, and it means a lot less time required from the teams doing the work during the audit.


Second, because the process is automated, we can now push more stuff through our pipeline quickly. There isn’t a person or board causing a bottleneck. We still have our checks and balances, but most of the heavy lifting is done by the tools themselves—and they’re much faster at checking, storing, and signing off on everything.

Finally, this process is more accurate and compliant. It significantly reduces the possibility of human error. Machines are a lot less likely to put something in the wrong environment or implement the wrong artifact than a human is.

Selling your new process to auditors

If you’re sold on the benefits of revisiting, simplifying, and automating your own compliance processes, the next step is to get your auditors on board. And the key to that is treating those meetings as a sales process.

You have to help them understand how it will all maintain compliance standards and why it’s a benefit—not a burden. This means getting really clear on what they care about and what their concerns are and making sure you have clear, compelling answers.

Which is one of the reasons we recommend starting with strategy and mapping out all your obligations up front.

The better you know your obligations and the objectives and activities that follow from them, the better positioned you’ll be to answer questions and sell your new process confidently.

Questions? Thoughts? Comments?

Have you gone through similar process shifts? What is your experience with developing a new process and then selling auditors on it? Any tips for getting auditors on board?
