Compliance CMS
About the company
Compliance CMS is a small Spanish consultancy firm. If offers comprehensive services in many areas of Spanish & EU law, but mainly specializes in Criminal Compliance & Corporate Risk Mitigation. Although the company is quite small (less than 10 employees), it manages to boast a diverse array of clients, from multinational corporations to small businesses.
My experience at the company
When I first joined Compliance CMS, it was, to put it bluntly, overwhelming. Not only was it my first professional job, but I was the whole IT team, as the company's previous programmer walked out and didn't have any other developer until I came aboard. That meant that everything IT-related fell on me: programming, UI & UX, databases, security..., you name it. To top it all off, despite it starting as a summer job, I continued working there while studying for my Computer Engineering degree, which made it significantly more stressful and challenging.
Despite all that pressure, it was also extremely enriching, and I'm glad I managed to pull through. Being on my own really pushed me to grow above and beyond, making me learn a lot about topics that I had barely scratched before. I don't know where I would be today if I hadn't had that kind of challenge early on in my professional career.
It's also important to add that, despite the work itself being difficult, the people people there were everything but that. Everyone was really friendy, helpful and hard-working.
Whistleblowing Channel
The first project I tackled was fixing and improving the company's whistleblowing channel. The channel was implemented as a Vue.JS web application, with a PHP back-end that stored the data in an SQL database in a standalone server. As the company was quite small, the traffic was quite limited, so this was more than enough for it to run smoothly.
Most of the work that I did to improve the Whistleblowing Channel was implementing new features and general maintenance, both to improve the client experience and to make it easier to manage it. It was also quite a challenge to do os while having to comply with both Spanish & EU law, as there are very stringent regulations that added tons of complexity.
As the tool is closed-source, I will refrain from delving too much into specifics, but some key achievements were the following:
- Automatic reminders, data blocking & data deletion in accordance with Spanish law.
- Integration with a telecom service to automatically register telephone calls in the channel.
- A deterministic NLP system for the automatic censoring of personal data when required by law.
RiskApp CMS
At the time I joined, the system for doing assessing corportate risk was a confusing, unmanageable mess of an Excel sheet. It was remarkably difficult to make event the most minor of changes, let alone check that everything is correct or to justify why a particular risk recieved the assessment that it did. It was a no-brainer to try to put the system in a web application, in a similar manner to the whistleblowing channel, so as to greatly improve expandability, testability, audit capability, and to automate the most tedious and repetitive parts of the risk assessment process.
The planning, design, implementation, delivery & maintainance of this application, which eventually became known as the RiskApp CMS, fell completely on my hands. It was almost-completely built using solely PHP. As it needed to be robust, performant, and be able to handle complex business logic, I decided to develop a simple-yet-effective interface, that refreshed completely everytime but didn't need to depend on complex javascript frameworks or other big dependencies.
As a result, altough I needed to put in a bit of extra legwork at the beginning, the resulting application was really easy to expand, maintain, and understand. With a bit of clever performance optimizations, it was also extremely performant, despite the complex computations and cross-referenceing of data that it needed to do.
The only real limitation of this approach was that the interface, while extremely functional and responsive, was quite basic, with mostly static components that completely refreshed the page every time you wanted to switch. Still, I'm really proud of what I managed to build in two short years, completely from scratch no less!
As with the whistleblowing channel, I can't go into the nitty-gritty of the application, as it is also closed-source. However, here are some key features of it:
- All risk assessments generate a human-readable explanation of the calculation, to check that the system is working as intended.
- Automatic storage and display of previous assessments, having a sorted history of every previously calculated risk.
- Integrated audit capabilities that record in real time all changes that might affect risk calculation.
Closing thoughts
I remember my time at Compliance CMS really fondly. Although the work was quite overwhelming at times, it made me grow and greatly helped me refine my skills. The challenge of being the only developer in the whole company made me learn about many topics, further enriching my tenure at the company, and made me become the generalist I am today.
