Every organisation wants to build strong relationships with its customers – and compliance is one technique that should definitely be in your relationship-building toolbox. This may seem surprising, but, as we point out in our White Paper, there are three types of compliance:
- Standards, or external compliance
- Organisational compliance: the things you do as an organisation and the proof that you actually do them
- Supplier compliance, i.e. trust in the supply chain
This third type is often overlooked but bringing customers into your compliance regime and encouraging them to adopt it (in an appropriately tailored way) will help to build trust between your organisations.
It’s important to ensure that this trust can be validated by working with customers to understand their business and to provide additional, add-on solutions to support the new digital landscape. Embedding an organisation with its customers in an environment of mutual trust and understanding creates an open and trusted relationship that shares risk and profit.
You also need to bring your suppliers into the equation, as the behaviour of an organisation’s suppliers can have a critical impact on its customers. This means working closely with your major technology suppliers to ensure long term security and stewardship of strategic assets.
We recommend categorising your suppliers depending on your organisation’s reliance on them, with critical suppliers having, at a minimum, the same security governance and compliance. Aim for a cost-effective partnership on agreed standards and the joint operation of governance, risk and compliance.
Each supplier needs to be considered separately, as each presents a different level of risk. Take a large IT supplier: they will typically have a long and well-established compliance process, which is extremely secure but comes at a high cost. Contrast that with an SME, which will be more agile and may find it easier to adapt the scope of governance to work in a tailored way with each individual supplier.
As the buyer, you have to assess whether the resulting risk of working with that SME is acceptable and find the right balance between risk and restriction, which is where you obtain best-value services. Both parties need to agree on how they grade each risk, so that the right amount of resources is assigned, and then audit the process to ensure governance.
If you’d like advice about this or any other aspect of compliance, do get in touch and we’ll be happy to answer your questions.