Opinion: Corporate Compliance Isn't Training

Opinion: Corporate Compliance Isn't Training

I spend a lot of time mentoring on client sites, and many of the clients are large organizations. Often these organizations require me to attend “training” on a regular basis, to satisfy their corporate compliance goals.

I don’t mind doing this at all, even though the course on conflicts of interest, or handling private or sensitive data, at company A is invariably almost word for word the equivalent course that I do at company B, and company C.

The ones that I really don’t like though, are the ones where the corporate IT security is spelled out like it’s obvious, and yet I know that what they’re pushing doesn’t meet any of the current guidelines that have been created from serious research into the topics. For example, the NIST guidelines on passwords would be a good start.

Training should involve learning something.

The vast majority of staff at the organizations wouldn’t learn anything from these “courses” and invariably, the questions that they need to get say 80% correct on, are so mind-numbingly obvious, that I see many staff not even paying attention when the videos are playing, and just quickly answering the questions at the end, to keep their managers happy.

But my biggest issue is that for many companies, almost all the corporate training budget is now going to these “courses”. My take on this is that the cost of delivering this material should be in a “corporate compliance” budget, not in anything that pretends to be a “training” budget.

2018-11-13