Compliance by design | Continuous Compliance

Just hearing the word ‘compliance’ creates fear and loathing with many project teams. And true, the traditional way of assuring compliance, with big up front requirements gathering, waterfall stage gates, and verification / certification at the end is a bad one: neither does it satisfy the demands of fast paced, value focused product or service delivery, nor does it satisfy the demands of an increasingly strict and complex regulatory landscape.

And we can only expect the compliance landscape to become more complex: recent failures in banking, but also the emergency of technologies such as blockchain, machine learning, AI and autonomous systems are already having their impact on the compliance landscape.

So it is time for a new approach: ‘compliance by design’ or ‘continuous compliance’ takes the stance that involving compliance early and continuously through the full product lifecycle leads to better outcomes for our products but also compliance itself.

Based on experiences in FinTech, MedTech and EdTech this talk presents the reasons why the current approach to compliance must change, what a sustainable, valuable compliance approach must look like, and how we can transition from one to the other.

It then describes a framework for continuous compliance across the entire product lifecycle from analysis to design, development to release, and operation.

It demonstrates how the outcomes are far more pleasant working with (and for) compliance, better products that have higher degrees of compliance and improved compliance operations be this as part of BAU monitoring, ad hoc auditing, periodic certifications or incident management.