Bandler’s Fourth Platform to Connect

John Bandler
5 min readDec 2, 2022

Bandler’s Fourth Platform incorporates mission and business needs into the Three Platforms compliance and management concept. Together this helps organizations manage themselves effectively and efficiently, including with their information assets (these assets include computer devices, data, networks, and more).

My Three Platforms to Connect concept visualizes how legal requirements, internal policy, and organization practice should align and is compliance oriented. Now we introduce the Fourth Platform to our concept to ensure organization mission and business are included in our conceptual diagram.

Recapping Bandler’s Three Platforms to Connect

The three areas to consider for compliance analysis are:

  • Laws and regulations (external rules)
  • Policies, procedures, and other internal rules
  • Practice, action, or what is actually done.

I examine each of these platforms in more detail in my Three Platforms article.

The Fourth Platform: Mission and business needs

Businesses have a mission, which may include one or more of the following.

  • Do good and help individuals and society, provide a necessary service or product
  • Earn revenue and business (which pays employee salaries, rewards business owners and shareholders, etc.)
  • Obtain donations or grants
  • Survive, thrive, and grow.

This mission might also be called “business needs” and deserves a place in our diagram.

First I will show them inline, lined up, like a squad of soldiers in formation, or baseball players on the foul line for the national anthem.

Putting them in a line is a start

A line helps us see all four platforms but doesn’t fully capture things. Different people in an organization might focus on different platforms, we will examine how they might focus on two different paths, and either mission or compliance might take precedence. Organizations need to try align them.

Put another way, different people in an organization may have varying priorities. Although organizations with a culture of compliance and knowledge of external requirements are generally better managed and well-suited for long term success, sometimes it takes time to get everyone onto that same page. One person or department may be focused on laws and compliance, another focused on earning revenue.

Let’s try an L-shape

So let’s show these four pillars in more of an L-shape, and recognizing that external rules and business needs can sometimes seem at odds (though it need not be).

Let’s also recognize the limitations of my drawing skills and time, perspective and labeling, and PowerPoint. It’s a compromise and there is room for improvement.

Now a top view

The limits of my graphic arts capabilities are clear, so let’s switch to a top view.

We’ve got the same four platforms, arranged in a “T” shape, and changed our view point.

Now let’s show the compliance and business lines of priority

And now let’s draw in two lines.

The first (red) line is the “compliance line” and showing how external rules, internal rules, and practice need to align. That’s the Three Platforms from my other article.

The other (green) line is the “business needs” line, and how that, internal rules, and practice need to align.

Some employees may focus on the compliance line, such as the general counsel, compliance officer, privacy officer, chief information security officer, and more.

Some employees may focus on the business needs line, such as those whose duties require creating and delivering products and services, and earning revenue or obtaining grants.

Organizations seeking long term health and success will strive to satisfy both lines and align all four platforms. Survival and growth requires compliance with laws and protecting assets.

As we can see, the internal rules are right in the middle of all of this. Internal rules tell employees what do do and how the business should run, and that’s important for both business needs and compliance with external rules. So we will discuss internal rules in more detail in another article.

We need a fifth component

We need one more component in order to plan our internal rules and management, external guidance. I depict that as a cloud since it is such a broad category and we can be selective as we pick and adapt from it. I summarize these five components of policy work here.


Businesses need to build internal rules and practices that align with business needs and external rules. My Four Platforms to Connect concept builds on the Three Platforms and provides a helpful way for organizations to visualize compliance and management, which also helps with good overall governance and efficiency. To build our internal rules properly, we need to consider the Five Components for Policy Work.

This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

If your organization needs help with improving its internal documentation and compliance with external rules, including regarding cybersecurity and protecting from cybercrime, let me know.

This article was originally published on my website at where I also include links for additional reading, and it may be more current and with improved formatting.

Copyright John Bandler all rights reserved.

Posted to Medium on 12/02/2022 based on my earlier article on my website. Last updated here on 12/02/2022.



John Bandler

Cyber, law, security, crime, privacy, more. Attorney, consultant, author, speaker, teacher. Find me at