85 percent of respondents completed their planned audits or assessments, while highlighting new opportunities and challenges for compliance teams
Tampa, FL (April 20, 2021) – A-LIGN, a leading security and compliance provider to 2,500 global clients, today released the results of its 2021 Compliance Benchmark Report, revealing that while COVID was a tectonic shift for businesses, compliance programs were largely unimpacted. In fact, viewing IT operations through the lens of COVID, cybersecurity teams have compelling opportunities to consolidate audit operations and leverage technology to accelerate the compliance process.
A-LIGN’s 2021 Compliance Benchmark Report is the first of its kind – helping organizations compare seven aspects of their compliance program to peers by industry, by revenue and by employee size. Compiled from survey responses across 218 companies, it validates that cybersecurity audits and assessments are essential to business growth and mitigating risk, and not even a pandemic can undermine these critical programs. It also uncovered numerous trends in compliance and offers organizations insights into common pain points, potential practices to adopt and areas for improvement to make auditing less painful and more strategic.
“As new threats evolved to take advantage of the pandemic, the need for companies to demonstrate they were protecting the data entrusted to them was as important as ever,” said Patrick Sullivan, author of the report and Director of Customer Success at A-LIGN. “This report confirms how critical SOC 2, ISO 27001 and other attestations are to business relationships, while also revealing some significant ways organizations can save time and resources when conducting them.”
Key Findings from A-LIGN’s 2021 Compliance Benchmark Survey Include:
- Companies have experienced minimal disruptions to their compliance programs during the pandemic. 85 percent of companies completed their audits as planned or with an extension, and 60 percent had no change to audit timing. Additionally, 71 percent continued with their audits and assessments remotely instead of in-person.
- Organizations conduct multiple audits as disjointed, redundant projects. 85 percent of respondents conduct more than one audit a year, yet only 14 percent consolidate audits into a single annual event. Consolidation is weakest in healthcare (only 6 percent) and highest among technology companies (still remarkably low at 26 percent).
- Compliance helps win new business. The survey found that although there were many different drivers of compliance projects, 64 percent have found a common benefit from conducting audits: winning new business.
- Audit automation isn’t automatic yet. Only 25 percent of respondents stated that they are using a software solution to prepare for audits and assessments such as an automated security, compliance or governance risk compliance (GRC) solution.
Although companies experienced minimal disruptions to their compliance programs in the last year, A-LIGN found opportunities for them to streamline their audit programs to make audits more efficient and strategic:
- Create a master audit plan. A-LIGN recommends consolidating audits and auditors into a master audit plan, making the process a single annual event. For organizations pursuing multiple audits, it’s likely that much of the data and evidence will overlap. Working with different auditors across multiple audits can also lead to inefficiencies, added costs and disparate processes.
- Establish strong communication and collaboration. Organizations can make auditing easier by building a clear process, defining roles, and coordinating communication. A-LIGN helps clients build out these best practices as year-round processes, supported by 24-hour response times and dedicated teams to ensure your audit is completed efficiently.
- Invest in technology for efficiency. Technology remains a significant opportunity for saving time, effort, and money. With technology that includes workflow management and collaboration tools, like A-LIGN’s A-SCEND platform, organizations can put in place processes to accelerate their audit and complete it smoothly.
The company’s first annual survey was conducted after nearly a year of remote work brought on by the COVID-19 pandemic, asking 218 cybersecurity, IT, engineering, legal, QA, internal audit, finance, and other professionals about how organizations run compliance programs and the impact of the coronavirus pandemic on compliance plans. Responses were collected between November 2020 and February 2021 representing a multitude of industries: technology, IT services, professional services, media and entertainment, healthcare, insurance, legal, retail, finance and banking, manufacturing and construction, government, among others. Organizations can use the benchmark data, compiled by industry, revenue, and company size, to compare various attributes of their own compliance program with those of their peers.
For more details and a comprehensive analysis of the research, download the 2021 Compliance Benchmark Survey Report here: ip.a-lign.com/compliance-benchmark.
A-LIGN uniquely delivers a single-provider approach as a licensed SOC 1 and SOC 2 Assessor, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, designated CMMC C3PAO, and Qualified Security Assessor Company. Working with small businesses to global enterprises, A-LIGN experts and its proprietary compliance management platform, A-SCEND, are transforming the compliance experience. For more information, visit www.A-LIGN.com.