the classic corporate strategy: ban the thing everyone’s already using and call it ‘risk management’. your compliance policy isn’t a force field, it’s just a PDF nobody reads
Completely agree. Banning something outright rarely works; it just pushes usage out of sight.
The point I was trying to make is that governance has to show up in how work actually gets done. Otherwise you end up with compliance on paper and risk in practice.