
Audit to continuous ComOps best practices

Written by Hyperproof Support
Updated this week

In a Hyperproof survey, over 120 organizations identified their most common compliance pain points. The three main takeaways were:

  • The majority of organizations didn't feel on top of their security or operational risks due to the continuously changing risk landscape.

  • With the release of GDPR, organizations had to make privacy a priority, whether they wanted to or not. This led to a sharp increase in compliance demands.

  • Because organizations didn't feel in control of the previous two aspects, they became “audit obsessed”—essentially focusing all of their time, effort, and resources on passing the audit.

Hyperproof developed the continuous compliance operations (ComOps) methodology, where controls are the center of an organization's compliance operations. This means "everything else"—requests, risks, requirements, evidence, issues, and so on—is linked to controls.

Many organizations don't fully use their controls because of an astoundingly flawed assumption that the cost of switching to a control-centric (ComOps) approach is too high and too time-consuming. Because of this assumption, organizations are still working off spreadsheets, scrambling to collect evidence and fix controls right before an audit.

Following the continuous ComOps methodology reduces your chances of experiencing security and compliance lapses because you're making continuous improvements on a cadence—not trying to do everything at once. When work is tracked in a single repository, and evidence is collected on an ongoing basis, no one needs to go into fire-drill mode right before an audit.
