And one of them is about operationalizing compliance.
(Seriously, it was basically a job requirement to learn how to say “operationalizing” without stumbling over the 27 syllables ... before 2017, I’m pretty sure the only people who knew this word were psych majors.)
I've even shared some of the ways we operationalize compliance when I co-presented with a compliance rock star, my girl Harper Wells from True Office Learning at SCCE's SoCal Regional Conference earlier this year.
I got to meet some of the GIA compliance team afterwards and we took a selfie so they could show Beth—hey Beth!—we actually met in real life.
But in case you missed that session, you may have the question: what does operationalizing compliance really look like? Like in a really practical, just-getting-started-with-the-concept way.
And that's where today's blog comes in!
Right audience + right guidance = right behavior
When we think about operationalizing compliance and driving behavior, one of the first things we consider is the audience.
Why? Well, like you, we execute risky tasks on a daily basis. But not everyone at Broadcat experiences the same risks. So we don't train all Broadcats on how to navigate the universe of all the possible risky things out there.
Makes sense, right? No need to train our marketer on how to protect IP assets in InDesign when she doesn't have access to the program. Otherwise I'd have a pretty unhappy marketer on my hands!
The next step is choosing the right guidance. For operationalizing compliance, that means teaching people how to do their jobs the right way. The first time, every time.
Not only does this mean that we're able to drive the right behavior, but we get two amazing side effects:
(1) Broadcats are engaged with "training" because they're getting guidance on how to do their jobs the right way. (Which means I’m not chasing employee engagement or completion rates with a sharp stick. Been there, done that, got a t-shirt.)
(2) Since I’m paying attention to how people do their jobs, I focus on their work product, not a checked box. If they don’t need to reference the guidance we serve up every time, that’s great! But that guidance is always there for them—so they have it when they need it.
I know, right?! It's kinda magical.
Let me walk you through a few examples of what that all looks like.
Designing world-class IP protection!
As a compliance design company, we take compliance of visual assets—of our own and those of our customers—very seriously. We’ve programmed this attestation into our publishing software to remind our designers of the do’s and don’ts of how we create things here at Broadcat. These confirmations must be in place every time a file is saved, so there’s either compliance or someone’s knowingly being non-compliant.
Protecting confidential info from Demolition Man-style video cameras!
We’ve got a sweet vidcon setup at Broadcat HQ so we can see our awesome customers face-to-face more often. (Wanna see it in action? Take a peek at this video here.) We take video calls and have team meetings in the same room, so there’s a risk of sensitive information being shared outside the company. We’ve used our own Conference Room Kit on canvases and boardroom-worthy coasters to remind Broadcats to erase the boards before calls and before they leave the room.
Locking out physical-safety and theft risks!
We keep our door locked every day, but we take extra precaution overnight. This timely (and colorful!) reminder is on the back of the door near the knob so it’s hard to ignore. And the result? Broadcats doing their jobs compliantly!
Being classy, not trashy.
To nudge Broadcats in the right direction, we added a sign on the recycle can that’s clearly visible when someone goes to throw something away. We’ve diverted countless Diet Coke and Monster cans, water bottles, and junk mail from the landfills.
Drive-ing (ayyyyy) our way to solid data protection!
Operationalization extends to controls, too, of course: we’ve designed compliance right into our IT setup. Each of our Team Drives has been created with a need-to-know (or need-to-delete, as the case may be) purpose in mind. This means that not everyone has access to all of our folders, and not everyone can just delete files all willy-nilly.
The hardest thing about operationalizing compliance should be saying “operationalizing compliance” out loud without sounding drunk (Rural Juror, anyone?). It doesn’t have to be fancy—it just needs to be a control or nudge that’s built into how employees do things.
Here’s what to remember: start with something that you can easily achieve, show others the impact you’re making, and you’ll have a slew of examples yourself soon, too!