Business needs and mission

by John Bandler

Business needs and mission are the top priority for every organization. Let's put them in the context of policies, procedures, law, cybersecurity, privacy, and management.

Occasionally some people see a conflict between mission, revenue, compliance, and security. But good planning and management principles help organizations make good decisions about risks so they can fulfill the mission, protect the organization, protect consumer privacy, and comply with applicable legal requirements.

What is the mission and what are the business needs?

Organization mission may include:

  • Do good and help individuals and society, provide a necessary service or product
  • Earn revenue and business (which pays employee salaries, rewards business owners and shareholders, etc.)
  • Obtain donations or grants
  • Survive, thrive, and grow.

Different people have different responsibilities and motives

Within the organization, there may be competing interests. In a small startup, a few people wear multiple hats, balancing building business, cybersecurity, privacy, legal compliance, and more. For progressively larger organizations, each role may be filled by a different person or even an entire department.

While the organization is ostensibly working towards a unified goal, sometimes individual components are not working efficiently together, or might even be working to achieve separate outcomes.

Consider these areas:

  • Increasing revenue and customer base
  • Marketing and putting the most positive light on the company's goods or services
  • Managing information assets and information technology, and meeting the requests and demands of employees and management
  • Securing information assets from crime or disaster
  • Complying with legal requirements
  • Creating proper documentation regarding the organization's rules, future plans, and present and past activities

In the context of internal rules

All of this discussion is in the context of "internal rules", which is my way of describing any rule an organization creates for itself and its employees. It is an important platform for organization management and governance (including management of digital assets for cybersecurity and privacy).

Many may use the term "policies and procedures" for this, but I like the term internal rules for a number of reasons, and it is one of the platforms in my framework for management. This article provides a landing point for this concept and links to related articles.

This is primarily in the context of information governance -- properly managing information assets such as computer devices, data, networks, and more -- but the concepts apply across all areas of organization management.

The Three Platforms concept became Four Platforms to show mission

[Figure: Bandler's Three Platforms to Connect (simple)]

My Three Platforms to Connect for compliance visualizes how legal requirements, internal policy, and organization practice should align.

The three areas to consider for compliance analysis are:

  • External rules: Laws and regulations
  • Internal rules: Policies, procedures, and more
  • Practice: or action -- what is actually done.

Then I introduced the Fourth Platform of:

  • Business needs (Mission)

[Figure: Bandler's Four Platforms to Connect (L-shape)]

This brings organization mission and business needs into our conceptual diagram. Mission can include doing good to help individuals and society, earning revenue and business, obtaining donations or grants, surviving, thriving, and growing.

Top view and external guidance

[Figure: Creating internal rules with Bandler's platforms (Mission)]

Then I added the concept of "External Guidance" as a bubbly cloud, and realized my attempts to show perspective and three dimensions have limits.

So my diagram becomes a top view and I show all five components. This helpful concept is for organizations that are planning to create or update their internal rules and I discuss it in this article on internal rules planning. In sum, we first examine external rules, business needs, external guidance, and practice, and use them to create or improve our internal rules.

Security and compliance help accomplish the mission

Cybersecurity, privacy, and legal compliance should not be thought of as disciplines that compete with or hinder the organization's pursuit of business goals and mission.

Rather, a comprehensive management philosophy recognizes organizations need to plan, prepare, protect, and comply with legal requirements. Thus, information assets are an important part of an organization's assets and abilities, and good management and planning helps maximize efficiency and protect the organization.

Foremost, good management and protection of information assets helps the organization accomplish its mission. Secondly, failing to protect information assets can result in a devastating cybercrime that is costly. Thirdly, failure to comply with legal requirements can be costly and damaging to reputation.

Laying out principles

Here's how I see all of this fitting in:

  • Organization mission comes first
  • Organizations that plan and that manage themselves well can better accomplish the mission.
  • To do the mission well, the organization must properly manage information assets.
    • Properly managing information assets includes security, efficiency, cost reduction, and maximizing resources.
    • To do the mission well, the organization must properly secure information assets with good cybersecurity.
  • To do the mission, the organization must comply with applicable laws and legal requirements.
    • Legal requirements include cybersecurity and privacy, negligence law principles, contract, and more.
    • Failure to comply with legal requirements (including regarding cybersecurity or privacy) means increased risk of legal action.
  • Good business practices mean having good cybersecurity and privacy practices.
    • Failure to have good cybersecurity or privacy practices means increased risk of cybercrime and cyber incidents (data breach, ransomware, theft, etc.). Such incidents are costly, hamper the mission, and damage the business and reputation.
  • Management is key with cybersecurity and all other things
    • A well-managed business plans ahead and makes solid decisions after weighing options. This planning is both short term and long term (tactical and strategic).
    • A well-managed business considers mission, revenue, compliance, security, privacy, and protecting itself, its employees, and its customers.
    • A poorly managed business does not do the above and may lurch from crisis to crisis, without good planning and without efficiency.
    • Good management principles help with management of cybersecurity, privacy, managing information assets, and for all other areas too.
    • Good management principles include having good policies and procedures (internal rules).
  • Good internal rules help fulfill the mission, comply with legal requirements, and let employees know what to do.


Mission comes first. Policies, procedures, cybersecurity, and good management of information assets all help fulfill that mission.

This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

If your organization needs help with improving its internal documentation and compliance with external rules, including regarding cybersecurity and protecting from cybercrime, feel free to contact me.

This article is hosted at, copyright John Bandler, all rights reserved.

Originally posted 7/28/2022, updated 7/28/2022.