Monday, September 29, 2008

Compliance for Hackers

Some people spend their professional lives working with compliance issues and the minutiae of complicated regulations, but in small business, compliance is usually an occasional tormentor to be dealt with and then ignored as quickly as possible.  What a terrible waste of an opportunity.

Personally, I haven't had to deal directly with compliance issues since changing jobs last year, but I do still occasionally work with customers and clients as they battle the dark forces of the demon checkboxes.  But that is the wrong attitude; compliance is a pain, but we need to look at the issue in a different light: how to exploit it for our own purposes.  Besides simply checking off boxes, you can spin this to push through real improvements.  I've used compliance audits to initiate improved password policies, beef up backup systems (except I had to call it "disaster recovery"), improve physical security for HR files, and more.  Of course, you still have to do the work required for whatever compliance project you are facing, and you can't get too crazy with the tangential projects.  And, as a bonus, the smug satisfaction you get from subverting the process for your own goals can really make the rest of the project much more palatable.