Regulatory Compliance Now Impacts Customer Support Industry

By Fred Pack

UniPress Software

 

While speaking with a customer recently, it hit me; right now it seems as if a perfect storm is brewing in customer support departments.  Budgets are being reduced, staff levels are dipping, and yet, performance expectations have never been higher. 

 

Stringent regulatory compliance mandates are the final element of this perfect storm. As if today’s support managers don’t already have enough on their plates, they’re now being asked to comply with various government regulations, including the Sarbanes Oxley Act (SOX), American Health Insurance Portability and Accountability Act of 1996 (HIPAA), and others.  The effect of these new regulations is that organizations are now required to put formal controls in place to ensure that departmental and individual activities are as definable and auditable as possible. 

 

A good overview of leading regulatory mandates can be found here.

 

The reason for this new emphasis on compliance is quite clear: Today’s organizations--and the executives who run them--operate in a new, more accountable business environment. If they don’t run a tight ship, they could lose their jobs; or even worse, go to jail if certain activities are not in compliance. Regulators, including the SEC, are no longer simply imposing financial penalties on companies; they are holding individual executives accountable and handing out jail sentences to those found guilty of wrongdoing. 

 

Fear is a truly great motivator, thus companies and executives are quickly installing tighter controls throughout their operations. The first departments to get compliance attention typically were financial and operational areas, including information technology (IT).  What’s happening now is what I call “trickle-down compliance.” Companies are looking at all areas of operation, including service and support-related departments and ensuring, at minimum, that there are basic controls and compliance tracking mechanisms in place.

 

This means that support managers must now be involved in the compliance conversation within their organization and become active members of a broader compliance team. They must also become data shepherds and pay great attention to how the data they oversee is treated and managed.

 

 

Each day, millions of bytes of data pass through the customer service and support systems at a typical organization.  Before the compliance wave hit, how this data was managed was not of vital importance outside the support department. But now, how that data is handled is of paramount importance to all parties—internal and external. Formal processes and controls must be in place to ensure that the defined conditions are met while managing all that data. 

Each organization and customer support department is unique, thus its compliance program will be a custom creation. Working with various groups, including IT, general counsel, and internal customer advocates (among others), support managers must control access to customer and other user data within their core systems, manage data storage, and ensure data integrity and privacy.  In short, customer support-related data management must be a formal process—much more so than it was only five years ago.

 

 

Per the expanding compliance mandates, organizations have to keep nearly every piece of data for a specified number of years, and they must store it in a dedicated location and format that guarantees its integrity. And saying they lost or cannot produce court-requested data is about as viable an excuse as saying “the dog ate my homework”. 

 

Within the past several years, in some very well publicized cases, courts have levied multi-million dollar fines against companies for failing to produce requested data. Their inability to produce data equaled guilt, in the eyes of the courts. For this reason, support executives must be well versed in data storage, a language previously foreign to them.  The basic data storage rule is: keep it safe, keep it handy, and keep it clean. Customer support executives must work closely with their IT peers and their organization’s CIO to ensure the data they manage is being properly stored.

 

 

 

This is because early SOX cases involved allegations of wrongdoing by corporate executives who ordered IT staff members to manipulate data, modify programs, and ignore basic system controls in order to supply incorrect data for financial reports and audits. As a result, regulatory auditors now demand that greater IT change controls be put in place. For executives in charge of IT operations, this means they must address the new reality and develop formal change control procedures and policies sooner rather than later.

 

 

Support executives, including many customers I speak with, are often intimidated and confused by their compliance burden, mostly because it is uncharted territory. But the good news is that management teams seem to understand the need to meet the mounting compliance mandates, and resources, help, and guidance are usually readily available. Support executives should join forces with their peers and discover the many ways to get involved.  For instance, they can join their organization’s compliance committee, change control board, or other peer groups.  Whatever compliance efforts are underway, senior members of IT and the support department should be heavily involved. 

 

 

Due to the complexity of managing and tracking compliance mandates in today’s integrated and disparate support environments, technology is absolutely required. Most progressive software support vendors have retrofitted their existing solutions, or developed new ones, to automate many aspects of compliance management and tracking.  In fact, with each new release, support solutions contain many additional compliance-related features.  

 

Customer requests are coming fast and furious, and technology developers are working overtime to meet this demand. My customers are no exception. As a group, they keep us busy with new requests, many focused around helping them effectively manage change and create custom and on-demand reports that simply were not possible, or needed, two years ago. Compliance regulations are also creating a new class of technology solutions that deliver many fringe benefits to support organizations, including process enhancements and improved performance metrics and analytics. 

 

 

Compliance mandates—or as I call them, “the final ingredient to the perfect storm for the support industry”—are here to stay.  And like it or not, today’s support executives must respond. 

 

From my direct experience in this area, compliance success comes when support executives, in conjunction with commitment from management, work together with various department heads to ensure data management policies and formal change control processes are in place within all internal and external support centers. The shadow of compliance has not covered all areas of the support function—yet. But it will.

 

Now is the time for support executives who have not yet been affected to learn how compliance will ultimately impact their organizations and their specific areas of operation, and begin to assemble a plan of action. Now is also the time for technology vendors and industry pundits to focus their collective efforts and knowledge on advancing the compliance agenda within the industry, without crossing that fine line of fear mongering.