ComplianceOps is the union of people, process, products, and data to maximize continuous adherence to policies and procedures.
The above definition borrows from the definition of DevOps, an analogous function that emerged because of factors similar to those now driving the need to define and operationalize ComplianceOps. The factors that are driving the establishment of ComplianceOps include the following:
Most compliance and privacy programs start with policies and procedures. These policies and procedures need to be implemented and operationalized, not just at day zero but also continuously. All too often, ComplianceOps is the missing piece in implementing and operating a company's compliance program.
ComplianceOps at most companies involves the collaboration of Compliance (or potentially GRC) and Operations, assuming that some functions, such as Security, exist under Operations. Compliance/GRC ensures that policies map to data regulations and assists in the functions of internal and external audit. Operations owns the day-to-day work of managing technology and the processes associated with it. ComplianceOps marries the two so that following procedures, and documenting the operation of privacy procedures, is not an afterthought or a sprint at audit time.
This is harder than it sounds, which is why very few companies have effectively built a ComplianceOps function. This lack of ComplianceOps, or lack of maturity in ComplianceOps, translates into increased pain and cost at every audit and security review. When Compliance is disconnected from Operations, producing the evidence that proves policies and procedures were implemented is expensive and error prone. The risks are high and can result in 1) failed audits, 2) lost trust, and 3) expenses, both direct and indirect, incurred to remedy gaps between Compliance and Operations.
The challenges limiting the adoption of ComplianceOps stem from the need to operate a cross-functional group across the entire lifecycle of compliance; there is no product or service that can be bought to solve it.
Effective ComplianceOps functions across the lifecycle of compliance.
Compliance and Operations have long operated in silos. The problems with this approach have worsened as more and more operations have been pushed down to lower-level employees and software developers. Self-service, SaaS, and the cloud make ComplianceOps an imperative for organizations that want to operate businesses in 2020.