By Heath Gieson
Creating process is a process itself. It’s not just about writing steps on paper—it’s about building something people will follow, that produces results, and that becomes streamlined over time. To do that, there are three things you must be mindful of: consistency, effectiveness, and efficiency. These aren’t just buzzwords—they’re progressive steps that determine whether your process will succeed.
Start with Consistency
I frequently tell my staff: we must be consistent. Honestly, I don’t care if we’re right at first—as long as we’re consistent. If we consistently make the same error, that’s easy to fix. If we make a different error every time, then we need to restart the process of process creation.
Consistency is the foundation. No process can be effective unless it is first consistent.
Then Aim for Effectiveness
What does it mean to be effective? A quick search gives us this definition: successfully producing the desired or intended result. That’s good, but for our purposes, let’s add one word: consistently.
So, effectiveness means consistently producing the desired result. Without consistency, effectiveness is impossible.
Finally, Strive for Efficiency
Effectiveness and efficiency are often confused, but they are not the same thing. Efficiency means achieving maximum productivity with minimum wasted effort or expense.
Think of it this way: if a process isn’t consistent, it can’t be effective. And if it isn’t effective, efficiency is out of reach.
Why This Matters for Security and Compliance
You might wonder why a cybersecurity guy is talking about process creation. Here’s why: for security and compliance to be meaningful and provide the protection your organization deserves, they must be operationalized into day-to-day operations. That means having repeatable processes in place—and that starts with understanding consistency, effectiveness, and efficiency.
What’s Next
Starting in January, we’re launching a new weekly blog series focused on what we call essential cyber hygiene—the bare minimum every organization should be doing to protect itself from cyber risks. We’ll use the Center for Internet Security’s Critical Security Controls, Implementation Group 1 (CIS IG1) as our guide. This framework includes 56 practical controls designed for small and medium-sized businesses.
To make this series impactful, I’ve teamed up with two incredible experts:
- Andrew Scott, Field CISO at Todyl
- Tim Marley, President at Prism One Services
Together, we’ll break down each control, explain why it matters, and share actionable steps to operationalize these safeguards in your organization.
Our goal is simple: help every organization understand and implement the foundational steps to protect against cyber threats.
In my post next week, we will discuss the root of the problems experienced by most growing organizations.