What is Lean Compliance?

At Compleye we practice a Lean Compliance Approach, and our Compleye Platform supports that way of working. Lean Compliance (LC) for us is a natural way of working – you will need to let go of the ‘corporate compliance approach’, the old-school way of working. In LC you will put your business and product in the core and build compliance elements around it, instead of letting compliance rule your organisation.

The 5 Lean Compliance Principles

Inspired by the Lean Startup approach of Eric Ries we have defined 5 Lean Compliance Principles as our intentions are to innovate the old-school-compliance approach and make it again (almost) fun. Lean compliance speaks to the entrepreneurial mindset. It’s about innovation, excellence, expedience, and accountability. Our 5 lean compliance principles:

  1. Compliance is everywhere
    (about creating a security culture in your organisation)​
  2. Compliance is the new operational excellence
    (about what you need to make swift and good decisions)​
  3. Compliance is validating your assumptions
    (about Improvements, controls and reviews)​
  4. Compliance is accountability
    (about reporting and transparency)​
  5. Compliance is innovating your organisation
    (about continuously improving and maturing security culture)​

In Lean Compliance the compliance core is your X-ray, a Visual of your value proposition, divided into smaller components, connected with compliance elements (e.g., policies, suppliers, improvements, operational controls) to enable a lean risk management approach. That is only way how you can stay Agile when your business or product roadmap changes – there is only one constant in the world nowadays and that Change. Translating the complexities of regulations and industry standards, written for corporates and regulators is the last value of Compleye. With our Compleye Wiki we Simplify standards into understandable requirements, so you can build your own Compliance Roadmap.

Implementing these values with our clients made it possible to get – even the smallest – companies ISO27001certified without critical non-conformities. The only condition for clients is the intention of building a security & privacy management system within your organisation and assign resources. Compleye can assist or connect you with resources needed. For us it is key to invest in building your own system, as this will embed a security awareness culture in your organisation that is needed by every organisation nowadays. Once you understand what the risks are, you can make wise decisions on outsourcing when scaling the business, taking the LC Principles into consideration.