If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits of that effort during the audit!
I have been involved with performing arts since 2005, and one thing I learned from it is that you should achieve success and nothing less in your musicianship. So why shouldn’t your business achieve the same?
“The difference between ordinary and extraordinary is practice.” – Vladimir Horowitz
What can your business do to become extraordinary?
One way to prepare for an audit is to build a strong Information Management System. Frameworks like ISO 27001 can provide a solid foundation for this. Here are some lessons I have learned on my musical journey that can equip your business’ journey to achieve compliance craftsmanship:
Let your “why” be stronger than your “why nots”
Practice requires time, effort, and a strong desire to be better. One reason for musicians to practice is to make it into the best ensemble possible. Once you’re in, you encounter difficult music for which you need to practice more.
Additionally, the members of the ensemble now depend on you to play well so they can perform well. This creates a cyclical need to practice more and more.
Audits ensure your business is following best practices and foster customer assurance in your products. Your business can get there with leadership’s drive to improve and practice those standards.
It’s easy to perform poorly and lose the understanding of why your business runs the way it does. But business leaders can leverage information security policies to clearly define the “why” of your business. Policy requirements are derived from the business strategy, laws, regulations, and the ongoing threat of cyber-attacks.
Business leaders need to drive efforts to create and approve these policies. Once policies are approved, employees need to be made aware of them and acknowledge them during onboarding and annual training. This ensures the “why” is communicated well to your business.
As you learn the business’ flows, opportunities will arise to improve daily business activity. Leadership must review established policies often to ensure their suitability, adequacy, and effectiveness. This creates an ongoing cycle of practicing the best standards and adapting to the market.
Know your instrument and music
The more you practice, the more you learn about your instrument and improve the music you are producing. The same concept applies to your business!
ISO 27001 implementation projects allow your business to see itself from a wider perspective. The ISO 27001 framework can help identify and create security controls in areas such as Human Resources Security, Asset Management, and Physical and Environmental Security.
Through performing risk assessments and internal audits, your business has the chance to remediate any risks and seize opportunities for improvement!
Practice performing in the big shows
Music is not just meant for small practice rooms, but for the grand concert halls. To the world, the product your business offers is that music!
Many people like to show off their products at conventions, in sales pitches, and on social media. But there is always the uncertainty of success in those efforts. To reduce uncertainty, your business can earn the ISO 27001 certification. This will affirm your business’ commitment to information security and reduce the amount of time spent on customer due diligence.
As your business continues to grow, others will question and scrutinize it more. When your business has an ISO 27001 certification, it can showcase products to others with confidence and get the standing ovation it deserves.
Feedback leads to improvement
The show isn’t over until you quit. You have to practice constantly to be the best musician. In business, compliance can only take your business so far. It’s the commitment to continual improvement that makes a world-class security organization.
Your opinion of yourself isn’t enough by itself – you have to surround yourself with the best people in your field. Every great musician needs input from musical instructors: positive feedback (to know if they are practicing well) and negative feedback (for the sake of improvement).
Your business can get consulting services from third parties to ensure it is implementing the best standards. By receiving independent feedback, your business can learn where to improve.
Cybersecurity consulting firms can provide guidance and reassurance just like a musical instructor. Information security reviews ensure the business’ information security program is implemented and operated in alignment with organizational policies and procedures.
Great musicians always get inspired by other great musicians to practice more. With great companies trending more toward true security, compliance can be a competitive advantage for firms that keep seeking out best practices!
By showing grit in your compliance practice, the music your business creates becomes the security story that increases customer trust!
Remember that the thing holding your business back from best practices is the lack of a strong “why”. Your business will have to perform on the audit stage sooner or later. Will your business be ready by then? How can your business get there?
Through practice, of course!
If your business is interested in learning how to implement the ISO 27001 framework or other ways to improve your business practices, come get coffee with us for the next steps!