Behind the scenes of compliance: “It’s only done right if no one notices”

Compliance. Not the most exciting topic at first glance. Yet behind the scenes at CFP Green Buildings, more is happening than you might think. From audits to data quality, and from processes to behaviour, compliance ensures everything is right and stays right, often without you even noticing.

We spoke with Compliance Officer Dennie Oosterbaan, who shows that it is anything but a box-ticking exercise.

If no one notices, I have done my job well

At a birthday party, Dennie keeps it simple: “My job is successful if I can sit back with my feet up and everyone thinks I am doing nothing, because everything stays secure without any hassle.”

It may sound relaxed, but a lot of work goes into that. Good compliance is not immediately visible. It is embedded in how processes run and how people work, without constant attention being drawn to it.

From perception to practice

Compliance is sometimes seen as bureaucratic. Lots of rules, lots of documents, little action. According to Dennie, that is a misconception. “People often think it is just a box ticking exercise, when in reality it is about what you actually do in your day to day work.”

The difference lies in execution. Not what is written down, but whether processes are truly embedded in the organisation. Whether people understand why something matters and act accordingly.

Behind every certificate lies a continuous process

ISO, EcoVadis, EPA, B Corp, SOC, PCAF, FSQS, just a selection of CFP’s certifications. But behind each one is not a one off effort, rather an ongoing process.

It starts with understanding the requirements. What is being asked, and does it align with how you want to operate as an organisation? Then comes translating that into practice. Documenting processes, assigning responsibilities, and ensuring everything meets the requirements.

The most important part comes after that. Not achieving the certification, but continuing to comply. “You need to continuously check whether everything still aligns and adjust where necessary. That is how you demonstrate ongoing improvement.”

The real challenge is not the rules, it is behaviour

On paper, much of it makes sense, especially in areas such as information security. The rules are often clear, and technical solutions are readily available. Yet that is not where the biggest challenge lies. Dennie explains: “The rules are straightforward. But getting people to consistently act in line with those rules, every day and in every situation, that is where the complexity lies.”

What do these certifications actually show?

CFP’s certifications are not an end in themselves, but a reflection of how the organisation operates. They demonstrate a strong focus on information security, that processes are regularly reviewed, and that there is a structured approach to continuous improvement.

They also align with client expectations, particularly in sectors where requirements around data, reporting and reliability are high, such as financial services.

Compliance you do not see, but do feel

Compliance continues to evolve. With emerging themes such as AI and supply chain responsibility, it is becoming increasingly important not only to look at your own organisation, but also at how technology is applied and how partners handle data and security. This requires conscious choices and clear agreements, especially behind the scenes.

Ultimately, compliance is not about rules or certifications, but about how an organisation operates. And perhaps that is exactly the point. When it is set up properly, you hardly notice it at all.