Digital technology underpins nearly all businesses today, making us all behave like digital businesses.
For a digital business, trust starts with technology. When people entrust their data and operations to a system, they need to be confident that it’s going to be seamless and secure, and handled with integrity and accountability. This means that a provider uses trusted systems, tools and processes.
For large enterprises, such as financial institutions or ASX-listed companies, there are certain requirements that are table stakes for any technology, service or platform. Delivering these certifications or compliances at the level of an individual line-of-business application used to be a costly and complex business in itself. Now large enterprise software is affordable to smaller and mid-sized companies, allowing them to leverage those trust investments. As part of KPMG, we are held to the same standards as if we were servicing those same regulated industries or ASX-listed public companies.
But building trust is less about the software release cycle and more about a trusted platform and operations. It’s less about releasing imperfect code and more about the overall environment. This means having systems, tools and processes that build trust. By having foundational elements in the “stack” that are trusted (by means of compliance and certification), we can allow our customers to operate with confidence at the business layer on top of a trusted platform.
According to Edelman’s Trust Barometer, people rank trust second only to product attributes when making a purchasing decision: "I must be able to trust the brand to do what is right".
There are three areas to look for when choosing a software provider:
1. Cyber security and compliance
In the work-from-anywhere world of business, accelerated by pandemic lockdowns but here to stay, mobility is a priority. Instead of legacy, on-premise systems (that users may not be able to access if they’re locked out of offices), the priority is agile, cloud-based SaaS platforms. These platforms also offer much higher cyber security, such as SOC 2 compliance. This is essentially an enterprise-grade standard that has traditionally been beyond the reach of many SMBs to implement.
Globally established standards, such as ISO compliance, are generally viewed as best business practice. While not legally mandatory, ISO certification can be a strong proof of trustworthiness, and increasingly something that is a minimum requirement to work with some partners and stakeholders.
For example, ISO 27001 accreditation shows that a company has an Information Security Management System (ISMS) which has been set up and implemented effectively, minimising risks related to information security. A certified ISMS has been assessed across the organisation and shows that policies and procedures are implemented by staff at all levels. ISO 27017 is aimed at making a safer cloud-based environment and reducing the risk of security problems.
In an age when every company is presented with so many choices of digital products, standards like ISO 27001 and ISO 27017 are an important platform for trust.
ISO 27001 certification demonstrates that an organisation has invested in the people, processes, and technology (e.g. tools and systems) to protect its customers’ data. This means that even as a smaller company, you’ll be getting the equivalent protections that large enterprises get.
2. Going above and beyond in the release cycle
While there’s often pressure to “get to market”, a too-short, too-aggressive development cycle can cause issues. It’s vital that software providers ensure testing is as rigorous as possible. This means providing as many test cases as possible and testing them in multiple environments: production, development, QA (quality assurance) and UAT (user acceptance testing)/staging environments, as well as load testing.
Testing needs to continue post-release, for example by running a nominal number of tests in customer sandboxes as well as the production environment. When there’s a Microsoft release, for example, we go through a series of tests before we release to customers, and frequently fix things before release.
3. Remembering the human factor
Relationships and communication must not be overlooked as a key pillar of building trust. This ranges from how a company treats its staff and customers to putting processes in place that protect everyone. As well as having good cyber education, obvious vulnerabilities should and can be eliminated. For example, there should be no possibility that an admin could leave a laptop on a bus, and have their business and client data exposed.
Software providers should demonstrate open communication with partners and clients, being responsive to questions and feedback. It should be possible for customers to leave if they want to, or increase/decrease their level of service according to their needs, rather than being locked into a lengthy contract at a fixed capacity.
Ultimately, trust makes excellent business sense. A body of research shows that organisations with high levels of trust experience better financial performance, greater productivity, and better product/service quality, with high-trust companies outperforming other companies. Trust isn’t something "soft" and "nice to have"; it’s a hard, economic driver of success.