Eight years ago. That’s when we really started, as a profession, to conceptualize this idea of operationalization (Thank you, 2017 DOJ). Now here we are in 2025 and still asking ourselves what this looks like. 🤔
And I think that’s a good thing. 😀
It means that we’re still iterating on this idea. Which means we’re still innovating around it, too. So, let’s go back into the fray and talk about what it means to operationalize—in theory and in practice—because getting this right matters to our profession, to our roles, to our industry, and to the teams we serve.
What does "operationalize" mean?
The Oxford English Dictionary assigns it two definitions:
- To express or determine in operational terms
- To put into effect, to realize
Ok, so what does that mean to E&C pros? ”Operationalize” is doing both. You "operationalize compliance" by:
- Identifying the things people do that create risk (i.e., express compliance in terms of the operations employees perform) 🔎, then
- Explaining how to do those things correctly so the risk is mitigated (i.e., realize compliance by putting processes into effect; see also “operational integration” in the ECCP)💡
Simple? Yes. Easy? No.
Here’s what we mean.
It's not enough to create a policy and then train on it. You actually have to apply the policy to the tasks and job duties (the operations!) that will impact compliance under that policy.
You can't just assume employees will know how to apply compliance expectations to their jobs—if that worked, your job wouldn’t be necessary.
Source: NBC’s Saturday Night Live via Giphy.com
To operationalize, you need to get down to the task level. Let’s unpack what it takes to get there.
What does "operationalize" look like?
First, here’s what it’s not.
Unfortunately, it’s not the “fun stuff.” It’s not gamification. It’s not interactive modules. It’s not issuing a newsletter. Now, let’s be clear: None of that is bad stuff (at least, not always); it’s just not operationalization stuff. 🤷
“Operationalizing” is all the stuff that people generally dislike about compliance—controls, procedures, monitoring, auditing, and targeted training. It’s getting people to do their jobs the right way. And doing that means you have to get down to the nitty-gritty of each one of those jobs. Here’s your playbook:
- Schedule time to meet with a team that does something risky.
- Ask them about their jobs: what they do each day, how they do it, what resources they use to help them get it done, etc.
- Then, grab your toolbox—a.k.a., your codes, policies, training, and audits.
- Compare and contrast what’s happening (i.e., the tasks) with what’s supposed to happen (i.e., the policies, etc.).
- Now, re-engage those same teams in articulating the gaps (i.e., the risks) and workshopping solutions.
- Revise those solutions as needed, implement them, and check periodically to make sure the solutions are still working.
When you operationalize compliance, you make it relevant to your employees, therefore mitigating risk by design. Want another pseudo-real life example of what we mean by this? Cue Ricardo and the zombies! 🧟 The entire post is *chef’s kiss*, but we know you’re busy, so we’ve brought you right to the example!
(Let’s be honest, I could never write anything nearly this fun, so I’m gonna let someone else do it–which BTW is a life lesson we all need from time to time: Do what you’re good at; let others do the rest!)
That's ⬆️ what "operationalizing compliance" looks like in practice.
So, how do you get started?
Well, you actually have to do it.
“But, Jennifer, I’ve already got ABC, XYZ, and 123 on my list. How am I supposed to get this done, too?”
I get it. I really do. But the simple truth is, you can. And here's how: Just do one thing. ☝️
To start operationalizing compliance at your org, pick one thing that will have a big impact and do the basics necessary to get it done. This will get you started on the path, teach you important lessons, and hopefully get you an early win. Here are two top tips to keep in mind:
- Don’t overthink it. Some of the easiest quick wins involve a task that requires an employee to get approval from someone.
- Start with a solution you can implement within three months. That way, you can quickly pivot if you need to–which is OK! You won’t get it right the first time every time, and a mistake made over three months is a lot easier to recover from than one made over eight or nine.
Operationalizing compliance one piece at a time may feel like a slow burn. And it is … But that’s OK. Eventually, your program will be fully operationalized. And bonus—your business leaders will be able to see the value of your program because you will have put in the work and will have quantifiable results to prove it. Operationalizing FTW!