Brought to you by Blue Chip

IT compliancy

Applying IT compliance to your business

Businesses are realising that compliance is more than just a tickbox exercise. Blue Chip has always excelled in meeting and exceeding standards, which is why many industries are forging new relationships with this innovative services provider. Derek Waterman, the Chief Compliance Officer, talks about the importance of compliancy.

Derek Waterman

Chief Compliance Officer at Blue Chip

Blue Chip is renowned for its IT compliance and certifications. Our Chief Compliance Officer, Derek Waterman, was recently interviewed on the Disruptive Live channel on how IT security and compliance should be shaped around a business.

Jez Back: We have Mr Derek Waterman, the Chief Compliance Officer from Blue Chip. Welcome, sir!

Derek Waterman: Hello! Thank you very much.

Jez Back: So, people would argue - compliance, cloud - bit of a dry subject, a bit of kind of hard work on an afternoon after we've been at conferences all day, but... bringing it to life. One of the biggest challenges in my mind when we're talking about compliance, is getting key stakeholders from the board to really get behind it, to understand it.

Derek Waterman: Yep.

Jez Back: Is that where you see a lot of your focus and time and effort, and if so, what are the challenges?

Derek Waterman: Yeah, I think it's a really good point. I think compliance typically, I think a lot of organisations approach compliance as a tickbox exercise - 'What do we think we've got to do? And do we do just enough to get certified and just to get a certificate on the wall?'

Will Spalding: Yeah.

Derek Waterman: For me, doing the certification, getting certified is the easy bit. What makes the difference is actually making it work and making it stick and actually bringing value to the organisation. So rather than potentially, say for example, an ISO standard, driving everything that happens in the business, it should be, for me, it's about the business, what does the business need? And that making that framework, making that ISO, if you like, work for your organisation's needs.

Will Spalding: Yeah, because that's the thing isn't it? I mean, it's a slightly different subject to what we normally cover on here all the time as well, and compliance for a lot of companies, especially smaller companies as well, I'm talking under fifty, HR gets involved in that area too as well... How do you get companies like being at a tech event like this, really engaging in it and really bringing it, I suppose, to the forefront, rather than it being somewhere...

Jez Back: Yeah, 'just give me a report on it and we'll see it, thanks very much, jog on!'

Derek Waterman: Yeah, to be honest in my experience, over the last few years, it's, I think the bar has had to be raised considerably as far as expectations in our customers. So I think, that's been a great thing for us, some of the large organisations we've been working with, we are working with now, have made us increase our standards considerably. And so, I think people in our organisation realise the importance and now it's not just a 'we have to do it, unfortunately we have to do it', it's a must. Otherwise, they're not going to talk to us. So, and the great thing there, I had some fantastic conversations now with customers and prospects, very much around what I said to you earlier, very much around, how we make it work at Blue Chip. So really now rather than it be 'oh, we've got to have it', it's now a necessity. I think people realise that in your organisation, so it carries more weight.

Jez Back: I think what's, I think there's a trend where, well not a trend, a consequence of power that I saw quite early, but still resonates, which is 'cloud forces good IT practice', but actually, that's slightly wrong. It forces good all-round practice.

Derek Waterman: Absolutely.

Jez Back: And I think you get your services, your processes, your procedures, your compliance, get exposed really quickly when you migrate to cloud, if you haven't got them in place.

Derek Waterman: Yeah, for sure. You know, I mean, at Blue Chip, we have our ISOs, we have information security, business continuity, quality, environmental, but then we have a SOC2 accreditation for service organisational controls and then PCI-DSS.

Jez Back: Yep.

Derek Waterman: So, we think that gives a nice portfolio of accreditations which should give our customers confidence, that they're in good hands with us. So, you know, we're in a good place. However, it's very easy to get complacent. So I think for me, it's about keeping us on our toes. We're not perfect. Nobody is.

Will Spalding: No.

Derek Waterman: But I think what our customers like is the transparency around how we approach it. So if we have gaps, we'll be quite open about what they are and what we're doing to mitigate those gaps, and customers like that honesty.

Will Spalding: So you'll have that honesty and go 'look, this area as Blue Chip, maybe we need to improve on that area as well', and therefore, I think that honesty, rather than all tech companies have got it always 100% perfect, is nice.

Derek Waterman: Show me an organisation that can't still improve.

Will Spalding: Exactly.

Jez Back: And you're completely right, and actually, there are ones that are actively improving all the time by dropping new products every 48-72 hours, AWS and other cloud service providers, to organisations like Blue Chip which are working on the less obvious stuff and actually it might not be so obvious, but it's still part of that good practice, you know, set of skills and practices you need to have inside your organisation.

Derek Waterman: Absolutely, absolutely. And that's what our customers are looking for, so although there may be some organisations that are far bigger than ours, with a far different governing structure if you like, the good conversations are around 'this is what we do at Blue Chip for this reason. This is what it gives us'. So it may be different to what you expect to see or what you do yourselves, this is what we do and why. And so that provides that confidence, that we know what we're talking about and we understand it, well enough in order to adapt it and implement it in a way that works for us.

Jez Back: So Derek, we're running very short of time, but, before we do that, a bit more questions. As you've gone round today, what are the things that have stood out for you, when you've been looking at other people on other stands, where you can only be going 'okay, that makes sense to me in terms of trends and where things are at this year?'

Will Spalding: Other than Lego of course.

Jez Back: Other than Lego!

Will Spalding: Yes!

Derek Waterman: Yeah yeah yeah, well obviously the Lego.

Jez Back: Given!

Derek Waterman: I think, you know, I'm not at Blue Chip for, and I don't specialise in the technical side of things, so for me I've come down to get a good feel for what's going on. For me I guess the high-level message is that everything just keeps moving forward doesn't it? So we believe we're an innovative company, and you just have to keep moving forward otherwise you get left behind.

Will Spalding: Yeah.

Jez Back: Yeah.

Derek Waterman: And there's so much good stuff going on here and it's been fantastic. And I think that's the thing, you just cannot get complacent and sit back.

Will Spalding: Fantastic approach and I really appreciate you coming on and actually talking about it as well, it was really interesting and insightful actually, so, I do thank you very much.

Derek Waterman: Great, thank you!