How can businesses get their employees engaged with compliance and set achievable goals? Myhrtoolkit's Chief Information Security Officer, Kit Barker explains how to get staff on board with compliance.
I’m not sure which topic would be the least welcome at most conversations: “compliance” or “information security”. Perhaps throw “audit” in there for good measure and you’re almost guaranteed to spoil any party!
However, despite the reputation it may have, compliance is a vital part of any business, and it doesn’t have to be heavy or dull. Honest.
What is compliance?
I think that compliance has a bad reputation because it’s misunderstood and often the things employees are asked to do aren’t directly relevant to their job.
If you were to ask people what words come to mind when you say the word “compliance”, I think you’d hear a mixture of words like regulation, law, legal, GDPR, and such like. That’s a part of compliance for sure, but it’s only a small part of it.
By focusing only on regulation and legal matters, businesses often view compliance as something that’s pushed upon them by the powers that be and see no business value in it.
Put simply, compliance is the measure of how closely your employees are doing the things that the business says they should be doing, in the way they should. Put like that, I struggle to see how any business owner or manager, or even employee, wouldn’t be interested in it!
Start with business goals
When creating compliance goals or measures, we need to start by asking what the business goals are so that we can fully understand why being compliant in any area is important.
I often think of business goals as a tree, with a singular core goal (the trunk) dividing into a multitude of smaller goals or branches that are supported by the core. Most, if not all businesses, share the core goal of revenue generation. After that, goals diverge depending on the culture and aims of each business.
You should be able to “read” the goal tree by starting at the trunk and following each branch, working towards the leaves. For example:
1. We aim to generate revenue by (this is the trunk):
1.1 Selling more widgets, by:
1.1.1 Having engaged and satisfied employees, by…
You will often see regulatory compliance as a business goal, but it is not the core goal, and as such needs to be thought of in terms of supporting the core goal. When thought of in this way, it can help people to understand that ensuring compliance is a way of ensuring the business meets its overarching goals.
Setting compliance goals for employees
Armed with a well-defined set of business goals, you can start to develop a set of realistic and achievable compliance goals for your employees.
As with any goals, compliance goals should be SMART – or Specific, Measurable, Achievable, Realistic, and Time-based. Sometimes it’s difficult to ensure all SMART letters are covered, most often Time-bound, so don’t overthink it, but it is important that goals are clearly communicated and achievable.
Examples of compliance goals might include:
- Employees are to complete online training within 14 days of being assigned to a course
- All policies are to be reviewed by policy owners on at least an annual basis
When done well, these goals should be clearly aligned with business goals. If they’re not, then they might not be relevant for the employee and will probably have a lower level of compliance as a result.
Improving compliance
One the of the keys to improving compliance is to ensure that communication is as clear as possible. This means that people should know:
- What you’re asking them to do
- Why it’s important they do it
- How the goal is measured and how they can track performance
- What happens if they meet their objectives
- And what happens if they don’t meet their objectives
Finally, compliance should be part of the culture of your organisation and seen as an opportunity to engage people and improve your organisation. We’re not trying to sniff out non-compliant employees to lay blame and point fingers, we’re looking to positively improve compliance by engaging people, improving our organisations, and celebrating success.
Read more from the myhrtoolkit blog
Written by Kit Barker
Kit is myhrtoolkit's Chief Technology Officer and a company director for myhrtoolkit who leads the technical team in developing the system. On our blog he shares specialist knowledge and tips around data security and company culture.