Socks (SOCS) and Root Canals

You probably opened this just to make sure I wasn't drinking this week while speaking with you through this article.  Socks and root canals, really?  So let me give you the background.

One of our offerings is software for financial institutions.  And I probably don't have to tell you that security of data is of utmost importance to financial institutions. It's not only of utmost importance, it's vital and it's a fight they fight every day with lots of people in their armies.  Depending on who is counting, cyber crooks are stealing as much as $1 billion a year in increments of a few thousand dollars to a few million per theft from small and mid-sized bank accounts in the U.S. and Europe.  So as a vendor I work within this reality and accept how it impacts how we serve these clients even though our software doesn't have anything to do with money or customer information.  We work within all the requirements our various clients have to give them what they need to be as secure as possible.  That said, we were recently asked to add another level of certification attesting to security levels and embarked on obtaining a SOC2 Examination and Compliance Report.   Huh?  Why were they asking if I had a "sock2?"   Was I just not hearing them right?  Were they talking about socks in the laundry?  Nope, seems we had just entered into a new area of compliance - the world of Reporting on Service Organization Controls - SOCs.  A SOC is a compliance audit typically done by an outsourced accounting or specialty firm.   Just think "audit" and you'll get what I'm talking about.  This was new territory for us and as we started our research we quickly learned this was going to take a lot of effort, time and money. 

But the good news that I want to share with you is we landed with what I think is the right company to help us with the project.  Why?  Because of how they explained things in our very first meeting.  Our representative clearly knew how to put us at ease (as much as anyone could) about the process.  He knows that no one likes going through the process and he was upfront, professional and truthful.  In our first meeting he told us no one likes to go through the process.  He described it like getting a root canal.  Your tooth is hurting.  The dentist gives you the bad news that it can't easily or inexpensively be repaired.  Further, a good dentist tells you he's sorry, he'll make it as painless as possible and talks about how in the end you're going to be really glad you did it. 

That's it.  He put things out there with his genuine "I feel your pain".  Then he talked us through how things would go, and gave us a positive picture of where we'd end up.  Genius!  Why, because how many times does something like this not go this way?  How many times do people lack the communication skills to put their client at ease when there's an unpleasant task that needs to be done?  How many times is avoidance the applied method?  Can you think of times when you can use his method of working with existing or prospective clients?  I know I sure can.  While I'm not looking forward to the work its going to take to get my SOC (sock), I'm mentally better prepared.