If the Assessor ain’t happy, ain’t nobody happy.
Your compliance Assessor isn’t just any old vendor you hire to fix a problem. They aren’t the plumber or the photocopier technician. Your Assessor is a partner to your business. And if it’s going to be a successful partnership, you need to be intentional about your relationship together.
Because if things don’t go smoothly, your annual Assessments can be very painful.
Whether you’re starting a new relationship with a compliance Assessor or you’ve been together for years, follow these tips to make it a match made in heaven.
Work on Your Communication
The key to a strong relationship with your compliance Assessor is communication. As with every relationship, everyone has their own communication style and their own way of doing things. Learn how they want to communicate, and establish a cadence of communication.
Make sure you keep that line of communication open with the Assessor as you go through the entire process. Have a mechanism to deal with problems that come up. What happens if things go sideways — if you’re running behind, or an emergency pops up?
At almost no point in the game is it beneficial to be combative with your Assessor. Assessors don’t do well with belligerent organizations. They aren’t a commodity vendor like a phone provider, and it won’t benefit you to treat them like one.
Be Reliable
Know what the objectives are — this doc by this date — and hit the mark. Get things done when you’re supposed to. If you don’t, it creates massive ripple effects for the Assessor, and for your engagement.
Make sure the agenda is lined up ahead of time, with a clear idea of what to cover and when. Assign people to fill in as alternates for each topic. The Assessment won’t stop if Mary’s out with COVID.
Be honest. The Assessment will go a lot easier for you if you’re direct and open about your situation. Your Assessor is there to help you, not to catch you in the act. If you aren’t honest, chances are, the truth will come out during interviews and evidence reviews.
When your Assessor trusts you, everything goes so much easier. Even when they have to do a bit more digging, it isn’t to get you in trouble but to help understand the situation and assist you in achieving a stronger security posture.
Be Thoughtful
If your compliance Assessor is on-site, they’re living out of their suitcase. Travel may have been rough, and they’re away from family. Life on the road can be grueling.
Be thoughtful and help make their visit as comfortable as possible. Find out ahead of time if they have any special needs that you can accommodate for them. Greet them at the door each morning and escort them on their way out each evening.
Provide meals they’ll enjoy. Have a breakfast platter waiting for them in the morning, and order lunches from decent restaurants. Find out ahead of time what the Assessor likes and if they have any dietary restrictions. Take them out to a nice restaurant nearby for dinner.
Make sure your Assessor is staying at a comfortable hotel that’s close by and easy to get to and from.
Don’t Be a Slob
There’s nothing that makes an engagement more painful for an Assessor than a client that doesn’t have their act together. Be well organized and have everything ready at your fingertips.
The more organized your stuff is and the more buttoned up you are, the smoother everything goes. Because when something fails or doesn’t get done, you open yourself up to greater scrutiny.
If there’s a discrepancy between documents — maybe there are things on your network diagram that aren’t in your inventory — now your compliance Assessor is in a position where they’re forced to start asking more questions and to dig deeper. If one thing is missing from your inventory, what else is missing? They can’t trust the evidence, and they don’t trust that you have your act together. Their radar is up and they’re going to poke around more closely.
Something like that can make things uncomfortable between you and your Assessor. They have to put their name on the record. If they say you’re good to go, that’s their reputation on the line — and their firm’s reputation. And in this space, reputation means everything.
But if you go into the Assessment with all your ducks in a row and everything is as it should be, it’s a hell of a lot more pleasant and things go smoothly.
Work on Your Relationship
There’s always room for improvement in any relationship. As you round out the end of your annual cycle, take an objective look at how it went.
- What were the issues?
- What do you need to do to improve, and what was simply a difference in company cultures?
- Was the Assessor too rigid or unreasonable?
Regroup with your Assessment firm and share your observations. Share the things that you noticed didn’t go so great, and that you’d like to improve on for next time. Ask for their thoughts on it. An Assessment firm with a good head on their shoulders will welcome that kind of dialogue and, better yet, appreciate it.
The Beginning of a Beautiful Partnership
There’s no magic formula for a perfect relationship with your Assessor. But these best practices will set you up for a better working relationship, and they’ll give you a better chance at a rewarding partnership that strengthens your business.