Cyber Compliance and management systems
We Spaniards have always been considered people who react well to problems. This reactive habit showed up not only in our personal lives but also in our professional and work environments, where planning was one of the subjects that, time and again, was left for “September.”
How many times have we heard, or even been told, to be cautious and careful and to reflect on things, to be prepared in case something happens and thus solve that "problem" more easily? It seems simple to understand; however, a very typical attitude towards life has been reactive rather than preventive. But there are very clear signs that this has been changing recently.
Management systems, which are well known these days thanks to the strong emergence of the Compliance function, have served as a path, channel or platform for its successful launch when companies use them to implement and deploy the Compliance function and, by extension, the compliance culture in organizations, although many have yet to take it up.
Without going any further, judges and prosecutors have a positive opinion of them, since they help companies establish and define compliance programs appropriate for each of them, while raising staff awareness of their application and implementation. This in turn benefits society as a whole in the form of good business practices and a reduction in scandals due to irregularities (fraud, falsification of accounts, bribery, money laundering, etc.), and it has a positive impact on preserving jobs, for example by keeping companies and workplaces from closing.
All of these systems are characterized by four vectors or factors that must be met, and none of them can be addressed without taking the others into account. Holistic? Indeed: one cannot address one vector without knowing that all the vectors or factors are interrelated. The four are interdependent for their individual success as well as for overall success. These four factors are plan, do, check, and act, that is, the well-known PDCA cycle (for its acronym in English).

Continuous improvement: Planning
One of the main characteristics of this type of management system, and the one that goes to the substance of this article, is that it advocates action planning, that is, anticipating problems by identifying the potential risks an organization may encounter on a daily basis, both known and unknown, and thereby establishing control lines and guidelines for what to do in the event of a given contingency. This would be the first factor in the continuous improvement cycle, closely linked to the maturity and knowledge of the organization's leaders.
Continuous improvement: Action
Next, we will need to carry out the actions necessary to develop everything planned, so that the compliance program is implemented throughout the organization. This is where actions are deployed such as training, sensitization and awareness of what we have in hand, and compliance with procedures, policies and other applicable regulations (internal and external). That is, we would be in the “do” phase, not theorizing. And this involves visualizing in advance possible fateful scenarios, which no one desires.
Continuous improvement: Monitoring
Next, once the actions have been carried out in the organization, we face the difficult task of checking, reviewing and monitoring everything done, in order to verify that what we say we do is actually done, so that undesirable situations contrary to legality or to the corporate ethical culture do not occur.
But this clearly has a greater chance of success if we approach it all from a preventive perspective, not a reactive one. It's hard to stop being the way we've almost always been: reactive. But in this case, more than ever, it's important to be proactive and anticipate fatal events that could cost us our business "life," and even, if it comes to that, our personal freedom.
Continuous improvement: Readjustment
And finally, we come to the action taken after the review. This means that, once the problems or failures detected in the Compliance Program have been analyzed, we would begin to implement the improvement measures that had been designed to correct, strengthen, and secure said Program. In other words, once again, we would be dealing with a preventive measure, not a reactive one, anticipating further undesirable episodes that run counter to good business and operational practices.
Considering each and every one of the above vectors or aspects, it's clear, or at least we hope so, that they all focus on prevention, not reaction. This is the path forward and the one we must work toward from the Compliance function. There's no doubt that leaving everything to happen and then reacting is not the solution we should pursue.
Being the friend of proverbs that I am, I find one that fits this post like a glove: prevention is better than cure… although I'm also one of those who believe that being reactive isn't so bad, since not everything in life can be foreseen. The ability to react, which we've always demonstrated, shouldn't be underestimated, because, when properly managed, it adds more than it subtracts, and acting quickly in the face of something unknown is also a feat. Having the leeway to know how to handle a challenge isn't easy for everyone, and let's not forget that it's something highly valued in the business world.