Don't Just Have a Compliance Season, Have a Culture of Compliance

John Just

John Just“We want compliance training to be impactful like your security awareness training.”

With this sentiment, our customers have been quite clear about what they want to see from our compliance training library Compliance Plus. Our customers have gravitated to our approach of deploying engaging, ongoing, high quality security awareness training and want to see the same for compliance topics.

In a study from market research firm Ipsos, 80% of workers believe regular and frequent training is more important than formal workplace training, so our customers seeking a similar approach to compliance training are in good company. 

Still, other organizations treated security awareness a lot like they had been treating compliance training: roll it out once per year and just check the box so we can say we have trained people in case (really when) something happens.

Seeking a Culture of Compliance

The most successful organizations focus on changing behavior and ultimately the culture of organizations. This means that the training is engaging, ongoing and high quality. The goal of such training should be for employees to feel a genuine effort was made to connect with them. This is accomplished by explaining possible consequences, providing real examples, and making them connect with the organizations possible threats of non-compliance. 

Creating a culture of compliance has its own momentum and is closely tied into the overall organization’s culture. It can be daunting to think about trying to make an impact, some think it impossible. But we have many customers who are doing it. 

Notice, I didn’t say we are helping people or we are doing it for them, because they have to own it. We just provide assistance and materials where we can. No consultant, audit, or even training provider can make enough of a difference to make an organization have a strong culture of compliance. 

Choosing the right partners for your organization is important but the main factor is having the will to make the changes that need to be made and putting forth the effort required to be a compliance program that is a model for best practice.   

Getting Out of the Compliance Training Rut

Some organizations are stuck in the rut of a compliance season mentality that just says, “Let’s get this over with.” We have to expect more from our training programs if we are going to get more and do the training more than once per year. 

Changing organizational culture is hard work, but it is worth it. Organizations are spending an hour or two of all of their organization’s time per year. That is no small commitment, and everything should be done to maximize this investment - including trying to make a real difference in reduction of risk and avoidance of possible negative outcomes. It is the mitigation of this risk where the ROI on your training investment comes into play. 

Beyond Once-Per-Year Compliance Training

When building your compliance training initiative, make a plan that is well thought out for the year, one that includes ongoing training with high quality primary and supporting materials.  The aim should be to educate employees about current risks, how their behavior can contribute to those risks, and what could happen if behaviors don’t change. 

It only takes one issue from one employee who is not paying attention or has not received adequate training to lead to an incident of noncompliance, thus increasing the possibility of civil money penalties. Mitigation of risk and the return on your training investment is dependent on content that is relatable, relevant, and remembered.

We need to move away from thinking of compliance training initiatives as a season that will pass and begin to think about moving the needle when it comes to a culture that embraces compliance and has it top of mind. 

If you want to continue this discussion, reach out to us today and schedule a call to learn about more best practices we can share with you from customers who have been successful in building a culture of compliance.

Get a Quote for Compliance Plus

Get new-school compliance training at a no-brainer price with KnowBe4's Compliance Plus. Find out how affordable this is, get a quote now!

CMP-Collage-S-ALTCompliance Plus gives you:

  • A whole new library with fresh compliance content updated regularly
  • Coverage of legislative requirements, such as HIPAA and many others
  • New-school high-quality customizable modules
  • Short, interactive modules to keep learners focused, newsletters, docs, and posters are all included
  • Completely automated compliance training campaigns with world-class support and extensive reporting

Request A Quote

PS: Don't like to click on redirected buttons? Cut & paste this link in your browser: 

Topics: Compliance

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews