Virtualization Technology News and Information
VMblog Expert Interview: Patrick Sullivan Explores A-LIGN's First Annual Compliance Benchmark Report Findings


A-LIGN, a leading security and compliance provider to 2,500 global clients, released the results of its 2021 Compliance Benchmark Report, revealing that while COVID was a tectonic shift for businesses, compliance programs were largely unimpacted.

To learn more about the report and its findings, VMblog spoke with Patrick Sullivan, Director of Customer Success at A-LIGN.

VMblog:  What does A-LIGN's Compliance Benchmark Report cover, and why is it important?

Patrick Sullivan:  A-LIGN's Compliance Benchmark Report analyzes the survey results from over 200 cybersecurity, IT, quality assurance (QA), internal audit, finance, and other professionals about their compliance programs. We asked about their organizations, how they run their programs and the impact of the COVID-19 pandemic on their compliance plans. 

It's the first of its kind - helping organizations compare 7 aspects of their compliance program to peers by industry, by revenue, and by employee size. It also offers an analysis of all the survey responses to highlight the latest trends and provide a set of expert recommendations that any organization can use to improve its compliance program in 2021 and beyond.

VMblog:  Why did A-LIGN decide to launch its first Compliance Benchmark Report during a global pandemic?

Sullivan:  The pandemic forced organizations of all sizes to quickly adapt to distributed workforces and make huge shifts in corporate operations, all while new threats were seeking to take advantage of those changes. Faced with the rise of remote work, diverse departments had to find new ways to complete their work from numerous locations and home offices, while security professionals scrambled to protect them.

We knew from our clients that compliance didn't slow down during this time, so we were wondering how IT and cybersecurity teams - already accustomed to using technology to automate processes and improve collaboration - were applying that to compliance (for example, keeping audits on track with teams scattered across locations). We used this as an opportunity to analyze how these organizations stayed on track, what changed, and what trends we should expect in a post-pandemic world.

VMblog:  What did it reveal about security and compliance programs?

Sullivan:  We learned that organizations approach audits as disjointed, redundant projects, with 85% of respondents conducting more than one audit a year. Only 14% consolidate audits into a single annual event. And because 64% of respondents conduct annual audits to drive new business, it left us with the question of why so many organizations don't streamline their compliance programs with technology, and master audit plans.

We also found that the patchwork of privacy laws is having an impact on compliance programs, with 71% of respondents saying that privacy regulations had an impact on their compliance practices. Many noted that increased requirements and upcoming legislation are driving these changes-48% said that growing privacy requirements are necessitating additional work, while 27% said that proposed legislation is pressuring them to stay more current.

VMblog:  What was the most surprising result of the Compliance Benchmark Report?

Sullivan:  Nothing can stop cybersecurity and compliance, not even a pandemic.

Given how COVID caused disruptions to the rest of the world, we were surprised to see that 85% of companies kept their compliance programs on track. In fact, 60% of respondents said that the pandemic had no impact on their compliance programs.

We were also surprised at how few companies are leveraging technology to streamline the audit process, especially since so many other processes within IT have benefited immensely from specialized tools and platforms. In fact, only 25% of respondents stated that they are using a software solution to prepare for audits and assessments.

VMblog:  What do the results mean for companies running compliance programs moving forward?

Sullivan:  We found there are opportunities for organizations to streamline their audit programs to make audits more efficient and strategic. First, there is a need for organizations to develop and implement a master audit plan in which they assess the requirements of various certifications or reports, identify overlapping requirements, and determine the company's audit needs well in advance. A-LIGN also recommends consolidating audits and auditors to increase efficiency, reduce costs, and streamline processes.

Organizations can also make their audit processes easier by building clear processes, defining roles, and coordinating communications.

Since so few companies are using compliance management software solutions, more organizations should be investing in technology that includes workflow management and collaboration tools that streamline evidence collection and communication with stakeholders involved in the compliance program.

VMblog:  After conducting and publishing this report, how will A-LIGN respond to the challenges and opportunities found within it? 

Sullivan:  Our most successful clients exhibit a common set of behaviors, such as working with us to create a master audit plan and to consolidate their audits. This makes the audit process an easier, year-round effort, rather than a last-minute scramble. A-LIGN clients also use A-SCEND, our proprietary compliance management platform, which helps streamline the entire process by managing evidence collection and the overall workflow of the audit project, as well as allowing clients to communicate and collaborate with their auditors and others on their team.

The results of this survey validate that these patterns can alleviate common compliance challenges, and A-LIGN will be adding additional resources and new features to A-SCEND for the roadmap ahead in response to these challenges. First, we will make the master audit plan process more accessible to the market, as well as create additional tools and resources to assist IT teams and security teams involved in the audit process. With 2,000 active A-SCEND customers, 2,700 active prospects, and over two million pieces of evidence already collected, we are continuing to heavily invest in new features in A-SCEND to make compliance projects faster, easier, and more efficient.  


Published Tuesday, April 20, 2021 8:03 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2021>