SAUNDERS GRC

GRC.

Cyber Governance, Risk & Compliance are the cornerstones that attest that due diligence was top of mind before the hackers appeared.

In a perfect world, GRC ensures that proper policies and controls are in place to reduce risk, sets up a system of checks and balances to alert personnel when new risks materialize, and manages business processes more efficiently and proactively.

Those tasked with GRC oversight must juggle stakeholder expectations with business objectives, while also meeting mandated compliance requirements.

Ask yourself:
  • How do you define your ideal state, given your limited resources?
  • How far away are you from this ideal state?
  • What is it going to take to get there?

SAUNDERS GRC can help. Book an initial scoping meeting today.


Governance

Someone just breached your online order system. Can you establish, in less than 5 minutes:
  • Which systems were impacted?
  • How many customers were impacted?
  • What personal information, including credit card numbers, was compromised, if any?
  • Who do you inform next?

Also, for annual IT Security budget exercises, how do you align your spend with corporate priorities? For example, does a 60% spend on network-based security make sense when there is no money left for token-based Identity-as-a-Service for your Cloud-First systems?

These questions are at the heart of Governance.

Contact SAUNDERS GRC to improve your IT Security Governance today.

Risk

Risk drives how a business spends its money and makes Cyber security a corporate responsibility, as explicitly pointed out in numerous recent court cases, not "just an IT problem."
  • What does your current Risk Management program look like?
  • Was Cyber Risk Identification a joint effort across departments?
  • How did the committee decide which Risks to accept?
  • What was the scope of the Cyber insurance purchased, and what does it cover in case of a breach?
  • How were the chosen IT Security controls aligned with the identified risks?
  • How often are they tested for effectiveness?

Contact us to set up or improve your IT Security Risk Management today.

Compliance

PIPEDA, OSFI, GDPR, FFIEC, etc. Depending on where you do business and who you do business with, the prospect of a breach combined with non-compliance with the relevant regulatory body's cyber guidance can be a career-ending (and business-ending) event.
  • Was there a breach subject to PIPEDA, and did you "forget" to report it? Fines of up to $100,000 per record.
  • No OSFI Cyber compliance? Stop doing business as a chartered bank or as a chartered bank's 3rd-party provider (accountant, lawyer, etc.).
  • Have customers from Massachusetts? $5,000 USD fine per record compromised, a mandatory minimum of 18 months of credit protection per person, and the need to notify the Office of Consumer Affairs and Business Regulation and the Attorney General's Office.
  • Subject to GDPR? Fines for non-compliance of up to 20 million euros or 4% of global corporate revenue, whichever is greater.

Regulators want to drive home that Cyber security is an overall corporate responsibility that is ignored at your own personal (and corporate) peril.

Contact SAUNDERS GRC to establish a roadmap for your IT Security Compliance implementation today.