It’s half-past time to kill your organisation’s outdated risk management and assessment tools. 6clicks is here to help.
Risk. Every year, Australian companies across the spectrum of industry are faced with meeting compliance standards and effectively assessing, managing, and mitigating risk. These risks and standards are continually changing to confront new, ingenious, and pernicious attacks on the critical data that businesses collect, store, and profit from. What’s not changing for many companies is the pace at which those practices and technologies are advancing.
For 6clicks CEO Anthony Stevens, it’s well past time to move into the modern era. “It’s time to kill the spreadsheet,” he recently told VENTURE.
Many enterprises, startups, and government agencies use spreadsheets and email as a way to link information available in the public domain to their internal or external compliance requirements and keep those critical routines up to snuff. The amount of manual work required to manage the complexity of information isn’t just enormous, it doesn’t do enough to help shield organisations from the risks they are working so diligently—and with a fair measure of futility—to prevent.
Tackling Risk Head-on
Established last year in Melbourne, 6clicks is helping the modern enterprise redefine their approaches to risk and compliance by connecting organisations, third parties, service providers, and regulators from around the world. And there’s quite a bit of redefinition to be done.
“If we go back to the way people have tackled compliance for decades and is commonplace in a lot of businesses, companies will decide, ‘What will we have to do? What is a regulator asking us to do? What standards are in place for us to do business effectively in the industry we’re trying to serve?’ They have to look at the things that are important to them internally and then check whether those things are actually done. At a very practical level, most companies end up using spreadsheets; they try to build a sort of mapping logic to link everything in the public domain to all the things they need to do internally and how they are progressing against those things,” Stevens explained.
“The thing that we do that people love and want to work with us for, is help map that logic between the public domain and internal controls and everything they need to assess within our system. We do that in a really easy way and that's half the trick. We present 6clicks as a solution to kill the spreadsheet hell. The minute you shift that into a living and breathing system you are then in a better place to think about compliance proactively and put in place processes to manage improvement over time,” he continued.
“We bake in all the standards, laws, and regulations. Our system has a huge library of all the regulations in Australia in the cyber security space and globally. We do that for the same reason, to help organisations get away from going to websites and downloading PDFs and spreadsheets and trying to map those against what they are or should be doing internally. We take away that pain.
“We give companies a whole other template allowing them to undertake assessments very easily against some of those standards. That’s where the 6clicks name comes from because we do that in such a way that it's very easy to get an assessment conducted with 6 clicks of our system. Companies just can't get on top of the regulation because it moves continuously. Regulators are introducing new things or updating existing frameworks that they have in place. That adds a lot of complexity to businesses, and if we can strip that away, automate some of it and allow them to manage their processes more proactively then they're better off and they can demonstrate trust more effectively to their customers.”
Making the Switch
There are three things that companies need to think about as companies digitise their compliance and risk programs. “The first is to understand what information assets or data need to be protected, and then to identify the risks that the organisation faces, what can happen and how to manage those realities,” he said. “The third thing is awareness and education. These take place from very senior levels, boards, the executive team, right through to the software developers and folk on the ground actually doing work around security and understanding what can happen and how to mitigate the associated risks.”
The industry-agnostic 6clicks software platform is used across a number of different industries, from education, government, healthcare, financial services, and others. 6clicks allows companies to easily align compliance and risk assessment against published standards available in the public domain.
“What’s unique about our platform Is the fact that we do both risk assessment and mitigation. We have a solution for undertaking the assessment process so at any point in time understanding where a company is in relation to compliance or risk objectives that they have, and then providing them with tools and features that allow them to manage compliance or risk at any time. Those two things are critical,” Stevens stressed. “In the past, companies did their annual audit or their annual check, and then used that as a way to perhaps pat themselves on the back or undertake changes. We see a world where that doesn't work anymore. You need to manage those things ongoing and in a much more robust manner, and then have formal assessments on a more regular basis.”
One of the biggest challenges for rising new companies is the ability to prove their trustworthiness to their customers. 6clicks is designed to give startups a sought-after edge. “For a lot of startups the most important thing is growth, and that translates into the sales cycle. Typically, the faster you can move through the sales cycle the better,” Stevens noted. “Having been on the buyer side in my career for many years, I found that you're very keen to get access to information provided by startups but at the same time you need to ensure that the company you're going to do business with is one you can trust. They've typically got access to your data or are working with it in some way.
“Something that startups can do that we encourage, and certainly that our software helps facilitate, is aligning to industry standards around cyber security; particularly international standards like NIST and ISO 27001. If a small business or startup can demonstrate compliance to those standards and frameworks they’re perceived by businesses to be more trustworthy, and that can help accelerate sales cycles tremendously.
“Different industries are at a different point (with digitisation) and we're finding out the energy sector is shifting now to expect pretty high bars for compliance with any kind of business they do. It's going to be an increasing trend. Startups have been historically focused on getting a product to market and baking in some really cool innovation, but I think they're going to increasingly need to think about compliance a lot earlier than they would have in the past.”
Stevens describes this moment in 6clicks history as being “demand-rich.” As spreadsheets and traditional software approaches prove too weak for an increasingly hefty task, 6clicks is garnering tremendous interest, and some of it from a new corner: service providers.
Said Stevens, “We've found that traditional accounting firms, law firms, and consulting firms are also recognizing a shift in their clients’ expectations. They come to us and ask, ‘How do we bake our intellectual property or our expertise into your system so we can distribute that through a digital channel using your platform with the clients we're trying to serve?’ That’s a really interesting dynamic. Traditional service providers are recognising the need for change and trying to get on the front foot. That’s really cool.”
Cyber security is only one of many challenges 6clicks helps client firms deal with. “When we built our platform we had initial focus on cyber security and saw that as a major challenge that organisations face and we thought of our system in that context,” he said. “Now, we're also working with a number of law and consulting firms who are using our platform to help clients with modern slavery obligation, which fit a similar pattern in so far as you need to take a risk assessment of your supply chain to understand where there may be modern slavery risk and then undertake a risk assessment and that typically maps back to regulation that companies need to comply with.”
With Australia’s enactment of the Modern Slavery Act of 2018, many companies with over $100 million in turnover need to comply with it. “Our solution is a very easy way to do that,” Stevens said. “We take out the manual processes and automate them.”
Government institutions are also embracing the ease and utility of the 6clicks platform. Governments often publish their own standards or have their own unique needs that differ from those of the private sector.
“Governments’ compliance needs are different so they must publish their own standards, so our platform helps him do that. Government is structured in a different way from the private sector. There are departments and agencies, and there are often bodies that provide shared services across the government who are looking to establish standards, so they need to use a system that has a parent-child or what we call a service provider-type structure where there is a central body that defines the standard and tries to mandate that and put those standards in place. Then there are all the different departments and agencies that need to comply with that and there are those relationships that need to exist within the government,” he explained.
Clearly, startup companies, enterprises, and governments are seeking better, more innovative ways to manage compliance and assess and mitigate risk. Stevens is quick to point out that it’s a gargantuan challenge even for the best of the best. “They can’t do it alone. It's not just a case of implementing existing software, they've got to work with their advisers.”
6clicks is built to be white labeled by service providers, fundamentally changing the way they engage with their clients. “The opportunity that we see is to shift that delivery model for service providers that want to get far more digital and tackle an issue that is a massive change for a lot of businesses facing issues of risk and compliance.”