The goal for any business is to hire the “perfect fit” with the right expertise and focus. With the unpredictable market and the onslaught of every kind of technical solution, there are several square pegs for every round hole.
And now, thanks to COVID, “remote” is the new normal. We see it all the time in our business activities – virtual meetings, virtual networks, remote access, VPN, and teleworking. Even the roles in businesses can be virtual – virtual CFO, CTO, CISO, managed service providers, etc.
Security itself can be managed remotely, although we still have certain priorities when choosing a security methodology, such as reducing the time to detect and respond to an attack.
But security isn’t compliance. If you’re in a specific industry (healthcare, finance, manufacturing, for example) or you deliver services to the government, compliance is a requirement. Your IT department or MSP might support and even monitor your network, but they don’t know what compliance controls need to be met – or even how to meet them.
Enter the need for a compliance officer. Now the question is “Do you hire internally or outsource?”
From the business perspective, two factors to consider are cost and experience. These are hard to balance when looking for a new full-time employee.
Yes, you could hire internally, but you can then run into issues with limited growth and limited experience.
However, with today's remote and fractional service offerings, you can take advantage of a cost-effective provider who is also a highly experienced subject matter expert.
To justify the need for someone to drive a compliance program, think about where else you could find a resource. Your service provider may have compliance offerings. However, do you want to rely on the same organization that performs your security services to also check its own work? Can you rely on their objectivity to sell you what you need to be compliant – over improving their bottom line? (I often use the analogy of the fox watching the hen house to describe the need for a separate third party to evaluate the work of the MSP or IT department.)
The best alternative is to find a third-party organization that is solution agnostic, and therefore has only your best interests in mind.
The biggest advantage of engaging experienced compliance officers on a part-time and virtual basis is, first and foremost, the cost savings. In addition, an experienced firm has a consistent approach that produces proven results. So, the more experience they have in compliance practice, the more the organization will gain by hiring them over hiring an employee. Multiple projects with a variety of organizations and situations also help produce more alternative solutions. A direct hire brings only their past experiences and only what they can learn from working in your organization.
The virtual compliance officer brings new skills, removes the shortage of talent within the organization, and separates the noise of the industry from the essentials the business needs to meet compliance.
If you would like to discuss how a virtual CCO (Chief Compliance Officer) can benefit your organization, let’s have a conversation.