By Kat Reierson
Have You Considered a Career in Compliance?
Do you enjoy documenting processes? Do you thrive when asked to research rules and regulations? Then you might like a career in compliance writing. Detailed-oriented compliance writers leverage the knowledge of industry regulations and standards to create documents such as Standard Operating Procedures (SOPs).
According to Gan Integrity, effective corporate compliance is the ability to lead large groups of people toward achieving certain standards of conduct. Every business has to comply with rules, regulations, directives, and codes. Here are a few regulations, standards, and legislation with which organizations may need to comply:
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Federal Information Security Management Act (FISMA)
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR)
You are probably familiar with government regulatory agencies such as the Federal Trade Commission (FTC) and the Food and Drug Administration (FDA), but did you know that there are also numerous industry-specific associations and groups? For healthcare, there is the Office of the National Coordinator for Health IT (ONC), the Centers for Medicare and Medicaid Services (CMS), and many other compliance requirements. Corporate compliance covers both internal policies and procedures, as well as federal and state laws. In the cybersecurity industry, “compliance” means meeting various controls (usually enacted by a regulatory authority, law, or industry group) to protect confidentiality, integrity, and data availability.
Many organizations today have created entire compliance departments to manage compliance risks and ensure they pass compliance audits. Detection of non-compliant practices may result in heavy penalties and hurt their brand. The ever-increasing complexity of regulations has become an increasingly common business concern. Career opportunities in compliance exist with private industrial organizations, regulatory bodies, and nonprofit organizations across many industries, including healthcare, information technology (IT), and cybersecurity.
According to Mary-James Young, Senior Compliance and Regulatory Counsel, the field of compliance has been transitioning from being made up of a small group that “know what we mean” to a larger audience that includes outside auditors who “know what the document says… not what was meant.” Because of the reliance of non-subject matter experts on written compliance requirements, clear, concise writing is more important than ever, and companies are starting to realize this. Clear, understandable documents enhance credibility and improve auditors’ perceptions, which is where technical communicators come in (Young, Mary-James, 2014).
Technical communicators have the technical skills of subject matter experts (SMEs) and many of the skills required of compliance professionals: Expert verbal communications and conflict management skills, paired with patience, persistence, and an understanding of compliance standards and requirements. You have likely either worked on, or encountered, a compliance document during your career. Many of the companies we work for have to meet compliance requirements from various organizations such as the International Organization for Standardization (ISO), Underwriter Laboratories (UL), the Food and Drug Administration (FDA), among many others. Perhaps you have reviewed an SOP (Standard Operating Procedure) for clarity. If you enjoy documenting processes and procedures to meet various international standards, or understand the nuances and factors that impact policies, compliance writing might be a great career option for you.
Technical communicators work to contextualize complex information in ways that enable readers to perform needed actions. Most compliance frameworks provide requirements needed to reach the desired state, but they are not normally specific in how those requirements are implemented. The ability to understand how to make compliance frameworks actionable depends on an understanding of both the requirements and the organization’s culture, with an emphasis on ensuring that various audiences clearly understand their obligation.
Here are some typical job titles from technical communicators interested in working in compliance:
IT Compliance Specialist/Technical Writer
- Write and/or edit technical documents, including policies, procedures, and work instructions. Develop outlines and drafts for review and approval by technical engineers, developers, and compliance management, ensuring that final documents meet applicable technical industry and compliance standards.
- Provide expertise in creating, implementing, and maintaining appropriate policies and procedures to comply with applicable technology, regulatory, and compliance requirements, including PCI-DSS, PA-DSS, SSAE 18 (SOC 1 Type II) SOC 2, GDPR, and HIPAA.
- Consult relevant regulatory, information sources and resources, and technical documents to obtain background information, and verify that pertinent guidelines and regulations governing technical documentation deliverables are applied.
Quality Associate/Technical Writer
- Liaise with operations personnel and application developers/business analysts to understand product details and operational workflows.
- Document the operational user stories and standard operating procedures for system enhancements and new products. This documentation is expected to be high quality and appropriate for use by operations personnel (customer support and laboratory operations).
- Author test scripts for all business processes and systems. Ensure these test scripts are updated when systems or products are changed.
- Contribute to the continuous improvement process outlined in the business quality manual.
Compliance Technical Writer
- Develop detailed examples of audit-ready documentation packages for reference architectures that meet the requirements of the FISMA, PCI-DSS, and HITRUST compliance frameworks for the Tanzu Kubernetes Grid line of products. An example of the type of documentation you will produce can be seen at https://docs.pivotal.io/nist/index.html and https://www.fedramp.gov/templates/.
- Update and improve the security control documentation as the reference architecture evolves, new products are added, and new compliance frameworks are added to the scope.
If you are interested, many professional organizations offer seminars and workshops around technical and regulatory writing. One of the best things about compliance is that nearly every industry has some compliance aspects and needs.
KAT REIERSON (firstname.lastname@example.org) is a technical writer at DocuSign passionate about crafting user-friendly content. She received her M.S. in scientific and technical writing from the University of Minnesota and loves naps, kayaking, and binging documentaries with her Bernese mountain dog.
Pluta, Paul L. 2019. “Technical Writing for Compliance Part 1.” Institute of Validation Technology. Accessed 11 May 2021. https://www.ivtnetwork.com/article/technical-writing-compliance-part-1-overview.
Daxko. n.d. “IT Compliance Specialist / Technical Writer” (Job Description). Accessed 21 May 2021. https://jobs.smartrecruiters.com/Daxko1/743999684971418-it-compliance-specialist-technical-writer.
Lensa. n.d. “Quality Associate / Technical Writer Job (Job Description). Accessed 21 May 2021. https://lensa.com/quality-associate–technical-writer-jobs
Lensa. n.d. “Compliance Technical Writer – Opportunity for Working Remotely Job” (Job Description). Accessed 21 May 2021. https://lensa.com/compliance-technical-writer-opportunity-for-working-remotely-jobs/washington/jd/93c730461b732c5025f8442608043a58.
Kelly, Matt. 2019. “What is Corporate Compliance and How Does It Impact Business?” GAN Integrity. Accessed 21 May 2021. https://www.ganintegrity.com/blog/what-is-corporate-compliance/.
Young, Mary-James (Jami). 2014. “Powerful, Persuasive Writing for Compliance Success.” Vectren Corporation. Accessed 21 May 2021.