The COVID-19 pandemic has introduced a seismic shift in the way GRC professionals view the concept of resilience. On a recent episode of LogicGate’s podcast, GRC & ME, Emily Heath, Chief Trust and Security Officer at DocuSign, shared her insight on how the last year has amplified the need for organizations to be nimble and adapt to what is happening in the world.
No longer is it just a business continuity or disaster planning activity, but resilience has become a valuable business process, Emily noted, “Resilience is really an organizational responsibility to bounce back as quickly as possible with as little impact on the business.”
Those who bounce back better, faster, and cheaper are likely to be big winners in the post-pandemic world. And those who earn and establish trust with their stakeholders, employees, and customers will create a foundation for stronger relationships internally and externally. How organizations recover from the pandemic has become a matter of competitive advantage.
Building Customer Confidence
When an organization knows what matters to it, and how it is prepared to protect it, that internal confidence can manifest itself externally as well, Emily explained, “First and foremost, it gives not only the internal company, but your customers, a lot more confidence, that you are able to be transparent and articulate that it's not just about data.”
To create confidence, a degree of trust must be built and maintained in every relationship. One way to achieve this is through providing transparency to the customers about the risks around the critical processes. While annual shareholder statements will describe risks and their treatment, a less formal approach would be to engage customers in resilience dialogues. These can be used to ascertain the customers' service level expectations in a crisis, and therefore help to manage expectations both internally and externally. This not only builds trust but demonstrates a commitment to high-quality service and serves to create delighted customers and strengthen the relationship.
In GRC We Trust
While many GRC professionals are content to remain focused on the internal processes that matter and ensuring that security is adequately maintained, the true value of GRC only becomes evident when it is part of a broader ongoing dialogue with customers, both internal and external.
Building a relationship with customers is vital for a GRC professional, said Emily: “We believe in being transparent with our customers. We want them to feel they have confidence in what we do, and to me, that is the difference between trust and security.”
To achieve this, the GRC professional needs to get comfortable with the soft skills of reading relationships and building rapport and trust across organizations and beyond. By achieving this, they position themselves as the trusted partner to the business.
Employee Trust
It is also important to note that the sound relationships developed within an organization are not just between the business and its customers. That need for trust extends to employees as well.
Emily described this need for trust by saying, “There is a trust you build with your employees too. It’s about being responsible and making sure they have a voice.”
This is how you can extend the reach of GRC into every aspect of the business. This can help to build trust in the management systems and act as a reminder that they exist for staff protection. Having staff feel comfortable approaching the GRC team with any concerns they may have is invaluable insight and adds many more threads to the spider web of relationships.
Resilience Beyond Business Continuity
The pandemic has offered the GRC community a once-in-a-generation opportunity to reposition themselves in the eyes of business leaders.
The difficulty of the pandemic forced many businesses to change for the better, according to Emily: “I almost feel like that very traditional disaster recovery business continuity concept has just expanded so much because we start to think about it differently.”
Rather than being the stale academic custodians of bureaucratic regulation control, they have the chance to become the champions of competitive advantage. Now is the time for resilient organizations to not just bounce back but to bounce forward to a more effective and efficient new normal.
Ecosystem Protection
Even before the pandemic, the world within which organizations operated had become more interrelated than ever before. Globalization has resulted in supply chains that stretch around the world, creating a complex ecosystem around every organization. Add the exponential growth of risk both internally and externally since COVID-19 arrived, and the organization faces a veritable tsunami of uncertainty.
Given this situation, the old tools for monitoring and managing risk are no longer up to the task, according to Emily, “You can't run your security program and your risk profiling based on a spreadsheet, you need technology to support you and to support your team”.
This is where tools like LogicGate can become a differentiator to an organization. By enabling identification, workflows, and above all transparency around the extended ecosystem, such tools can play a massive role in transforming a resilience program, ensuring that the organization can plan for the best but be prepared for the worst of any event. To learn more about how LogicGate’s Risk Cloud can help you build operational resilience and trust at your organization, visit logicgate.com or request a demo.