By: Brandon Polk, Director of Compliance Services
Contextual Security Solutions | July 12, 2018 @ 11:13
Have you ever been in a situation where you seem to be answering the same questions over and over again? For experienced professionals, the obvious answer is a resounding, YES! “Let’s talk about this… what about that… etc., etc.” The unfortunate reality is that in many organizations, assessors are only allowed to speak with senior level personnel who answer the same questions time and time again. If your organization is capable of such a hierarchy, does this apply to you?
If you are an owner/stakeholder/executive of an organization, I challenge you to answer this question: “why?”. Why would you rather the rehearsed response that everybody is “supposed” to answer as opposed to a truthful response from somebody who is more closely related to your hands-on operations? Are you afraid this person might say the “wrong” thing? Let’s suppose they inform an assessor of something that doesn’t “comply”… what happens? Is this a coaching opportunity or a termination procedure?
I have been fortunate to be able to serve in a consultancy capacity for hundreds of institutions for the past several years. In such time, I have observed that those organizations who are pre-prepared for my arrival most often meet expectations; however, for those who do not have advanced notice, I will attest that this is a truer measure of security and compliance. This is when you have a better understanding of how effective your training programs are.
As an assessor, I’m not necessarily interested in interfacing with personnel that isn’t capable of answering my questions… that would be unproductive; however, I sometimes wonder if I’m getting an honest answer that is truly representative of operations even though it is the “right” answer. So… why does compliance matter to you? Are you more interested in checking a box or getting an honest, in-depth evaluation? We would love your feedback either way… please let us know what you think or to request more information about our services, please contact us via: firstname.lastname@example.org.