top of page

Using Wardley Mapping To Improve Compliance

Updated: Apr 18

Wardley Mapping is a strategic planning and visualization technique that was developed by Simon Wardley, a researcher and consultant in the field of IT strategy. Simon Wardley first introduced the concept of Wardley Mapping in 2005 in his blog, Bits or pieces, where he published a series of articles explaining the technique and its benefits.


Over time, Wardley Mapping gained popularity among business leaders, entrepreneurs, and strategists, as a tool to visualize and plan complex systems and processes. Today, Wardley Mapping is used by organizations around the world to gain insights into their systems, processes, and products, and to develop strategies that help them stay ahead of the curve in an ever-evolving market.


In this article we look at how it is used to improve compliance.

Wardley Map for Cyber/Information Security
Wardley Map for Cyber/Information Security

Wardley mapping is a powerful tool that can also help organizations understand the inter-dependencies of their compliance programs, systems, processes, and technology, and identify gaps and opportunities for optimization in their capabilities.


It is particularly useful for assessing the maturity of capabilities required to achieve and advance compliance outcomes towards vision zero targets such as: zero breaches, zero violations, zero emissions, zero fatalities, and so on, all of which are essential for any organization's mission success.


By using Wardley mapping organizations can make strategic decisions about how to allocate resources and prioritize efforts to better achieve compliance outcomes, ultimately improving efficiency and reducing costs. With its ability to provide a visual representation of a compliance value chain, Wardley mapping is a valuable tool for any organization looking to gain a better understanding of its capabilities and make informed decisions about its future direction concerning compliance.


Wardley Mapping Steps


Wardley mapping is a simple and yet powerful tool that everyone can learn. At a high-level here are steps you can take to map your compliance efforts to assess needed capabilities:


1. Understand the compliance landscape: First, you need to gain a good understanding of the compliance landscape in your industry or organization. This means identifying the key regulations, standards, and best practices that apply to your business.


2. Map the compliance value chain:


  • Start by identifying the compliance value chain: Begin by identifying the various components of the program, systems, or processes that you want to map out. This may involve identifying the key activities, functions, and inputs that contribute to the overall value chain.

  • Map out the components on an X-Y axis: The X-axis represents the evolution of the components, from the initial state (genesis) to the final state (maturity), while the Y-axis represents the value chain, from the organizational need to the final compliance program or technology.

  • Identify the components and their dependencies: For each component on the map, identify its dependencies and how it interacts with other components in the program. This can help you understand how changes in one component can affect other components in the overall system.

  • Determine the characteristics of each component: For each component, identify its characteristics such as its level of maturity, its cost, its importance to the system, and its level of differentiation from other components in the system.

  • Analyze the map and identify areas of opportunity: Use the Wardley Map to identify areas of opportunity, such as areas where new technologies can be applied or where costs can be reduced. Use the map to prioritize actions and investments that will help to improve the overall program, systems, or process.

  • Update the map as the program evolves: As the compliance function evolves, continue to update the Wardley Map to reflect changes in the components, their dependencies, and their characteristics. This will help to ensure that the map remains an accurate representation of the system and can continue to guide decision-making.


3. Identify areas for improvement: With the compliance landscape and program mapped, you can identify areas where improvements are needed. This might include areas where your organization is not meeting regulatory requirements or where your compliance program is not as effective as it could be.


4. Prioritize improvements: Once you have identified areas for improvement, you can prioritize them based on their impact on your organization's compliance posture and their feasibility. For example, you might prioritize improvements that address high-risk areas or that can be implemented quickly and easily.


5. Develop a plan: With the improvements prioritized, you can develop a plan to implement them. This might involve developing new policies or procedures, implementing new controls, or providing additional training to employees.


6. Monitor progress: Finally, it's important to monitor progress and make adjustments as needed. This might involve tracking key compliance metrics, conducting regular risk assessments, and reviewing your compliance program on a regular basis to ensure it remains effective.



Using Wardley Mapping organizations can understand how best to improve compliance, gain a better understanding of the compliance landscape, identify areas for improvement, and prioritize those improvements to ensure your organization is effective at staying between the lines and ahead of risk.



46 views
Operational Compliance - Primer.png

"For Compliance to be Effective,

It First Must be Operational."

Download our Free

Operational Compliance - Primer

E-Book

bottom of page