'%3e%3cpath%20d='M2.00058%2012.6514C3.10436%2012.6514%204.00018%2011.7554%204.00018%2010.6514V8.65137H2.00058C0.896797%208.65137%200.000976562%209.54737%200.000976562%2010.6514C0.000976562%2011.7554%200.896797%2012.6514%202.00058%2012.6514Z'%20fill='%230ACF83'/%3e%3cpath%20d='M0.000976562%206.65137C0.000976562%205.54737%200.896797%204.65137%202.00058%204.65137H4.00018V8.65137H2.00058C0.896797%208.65137%200.000976562%207.75537%200.000976562%206.65137Z'%20fill='%23A259FF'/%3e%3cpath%20d='M0.000976562%202.65137C0.000976562%201.54737%200.896797%200.651367%202.00058%200.651367H4.00018V4.65137H2.00058C0.896797%204.65137%200.000976562%203.75537%200.000976562%202.65137Z'%20fill='%23F24E1E'/%3e%3cpath%20d='M4%200.651367H5.9996C7.10338%200.651367%207.9992%201.54737%207.9992%202.65137C7.9992%203.75537%207.10338%204.65137%205.9996%204.65137H4V0.651367Z'%20fill='%23FF7262'/%3e%3cpath%20d='M7.9992%206.65137C7.9992%207.75537%207.10338%208.65137%205.9996%208.65137C4.89582%208.65137%204%207.75537%204%206.65137C4%205.54737%204.89582%204.65137%205.9996%204.65137C7.10338%204.65137%207.9992%205.54737%207.9992%206.65137Z'%20fill='%231ABCFE'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_445_4507'%3e%3crect%20width='8'%20height='12'%20fill='white'%20transform='translate(0%200.651367)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Context
Temporary and contract staffing businesses have a duty of care to their clients to ensure that the workers that they place are fully compliant. This includes such things as background checks, certificates and qualifications, and rights to work, and the requirements can vary between sectors dramatically. In itris, there are two modes for compliance — Informational or Preventative, and there became a need to introduce the ability for users to override preventative compliance requirements.
I collaborated with the product and development teams to reach an elegant solution.
Problem
There is no middle ground for compliance in itris, and that was intentional — it either stops a user from placing or extending a non-compliant candidate, or it is allowed, and the compliance status is highlighted to the user. However, some customers wanted to confirm placements far in advance, where compliance requirements wouldn't be satisfied initially, but would be in place before the start date.
This was particularly the case with the education sector, where teachers were placed at schools for the following school year far in advance of the start date. Customers still wanted compliance to be preventative, but needed to be able to create placement records to be able to invoice their clients and in its current state, this was causing customers to use inefficient workarounds.
Goals
User
- Allow compliance requirements to be bypassed in certain scenarios
- Provide an audit trail of overridden compliance requirements
- Ensure compliance teams still maintained their SLAs
Business
- Protect revenue
- Reduce the risk of increased customer churn
Research
After collating feedback from customers, I noticed 3 categories of requests:
- A manager typing a password in at their computer — This is prone to exploitation and doesn't scale effectively for hybrid or remote teams.
- A hybrid between preventative and information compliance — Given the sensitive, business critical nature of compliance, we intentionally wanted the options to be strictly on or off, and we didn't want to blur the lines.
- Draft placements — We had considered this as part of a wider initiative, but this would have significantly increased the scope of the project, which we didn't have the appetite for at the time.
These categories addressed specific customers' needs, but we needed to keep the broader customer-base in mind. However, the idea of a password entered to override compliance was a thread I wanted to pull on a little more.
Solution
The trouble with a password is that if a user sees that password as someone is typing it in, they can use it again and again with no ramifications. But it got me thinking about a common pattern seen in modern software, which is 2-Factor Authentication. What if we could use something along the lines of a one time passcode to safely allow compliance requirements to be overridden?
After meetings with the product team and developers, we decided on a direction and implemented a method for privileged users to generate unique, time-based codes to override compliance restrictions. This also included an audit trail of when compliance was overridden and who the code was issued by.
Crucially, overriding compliance did not mean that the candidate was marked as compliant; they were still non-compliant and would still be highlighted in compliance reports. However, users were unblocked and the placement could be created.
Outcome
Within a month of this improvement being released, one customer on an older version upgraded with a contractual value of over £150k. They were initially not prepared to upgrade without this feature. We were also confident that the outcome of this project would improve customer retention and cover the potential loss of revenue.