EMC ANZ Momentum User Group 2011 - Business Track - Information Governance - The Foundation for an eGRC Strategy

Andy Hood

Published in: Business, Economy & Finance

Transcript

  • 1. Information Governance: The Foundation for an eGRC Strategy. Andy Hood, EMC Information Governance. © Copyright 2011 EMC Corporation. All rights reserved.
  • 2. What is eGRC?
  • 3. What is GRC? • Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed. • Risk is the effect of uncertainty on business objectives; risk management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events. • Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
  • 4. Common GRC Theme: Risk IT Operations Finance Legal InfoSec Fraud Data Center Liability Environmental Market Risk IT Security App Mgmt. Litigation Credit Risk Health & Safety HR BCP SDLC Liquidity Privacy Risk DR Financial Reporting Applications Geo-Political
  • 5. Enterprise GRC Processes Enterprise GRC IT Finance Operations Legal • Risk Management • Risk Management • Risk Management • Risk Management Core Processes • Policy Management • Policy Management • Policy Management • Policy Management • Incident Management • Incident Management • Incident Management • Incident Management • Enterprise Management • Enterprise Management • Enterprise Management • Enterprise Management • Vendor Management • Vendor Management • Vendor Management • Vendor Management • Compliance Management • Compliance Management • Compliance Management • Compliance Management • Training & Awareness • Training & Awareness • Training & Awareness • Training & Awareness • Threat Management • Audit Management • Business Continuity Management • Privacy Management • Disaster Recovery Management • Loss Event Management • Crisis Management • Board & Entity Management • Environmental Health & Safety • Matters Management • Quality Management • Corporate & Social Responsibility GRC Domains Supporting Processes • Anti-Bribery Compliance • Compensation/Benefits Management • Data Dictionary • Key Risk Indicators • Anti-Money Laundering • Configure – Price – Quote • Digital Media Repository • KYC Compliance Compliance • Contract Management • Employee Satisfaction • OFAC/Global Trade Compliance • Automated Control Collection • Corporate Ethics Compliance • Facility Resource Management • Penetration Test Management • Background Check Management • Corrective/Protective Action Solution • FMEA Management • PPAP Management • Basel II • Customer Complaint Management • GxP Compliance • Purchase Order Tracking • Board Decision Support • Customer Due Diligence Management • Insurance Claims Management • Resource Capacity Planning • Budget Tracking • Key Performance Indicators • Service Level Agreements • Company Initiatives
  • 6. EMC eGRC Strategy • eGRC Business Solutions: Advanced Security Management, Business Continuity Management, Information Governance • eGRC Management Platform • Consulting/Implementation Best Practices
  • 7. Information Governance • In essence, information governance is the practices and technologies involved with proactively managing: – what information is retained, – where it is stored, – for how long, – who has access to it, and – how it is protected • The drivers behind information governance initiatives include: – the need to comply with regulations and ensure data integrity and security – control of operational expenses associated with managing data – the risks associated with poorly managed data – the e-discovery costs associated with vast volumes of data. Source: The 451 Group, The Rise of Information Governance, August 2009
  • 8. EMC Information Governance Solutions
  • 9. Business Challenge: Unmanaged File Content • How much is there? • What is it costing us? • What is its business value? • What is private and confidential?
  • 10. Gain Visibility … Deliver on-going information intelligence • Classify information based on metadata or content of file • Migrate valuable files to secure repositories • Increase primary storage capacity while reducing costs • Create an efficient policy based environment that reduces risk
  • 11. Business Challenge: Records and Retention Management • The process of manually searching through vast sums of content, identifying them as records, and processing them does not scale • Organizations do not have the resources to keep up with the huge volumes of content
  • 12. Manage Risk … Ensure consistent retention management • Time- and event-based retention and disposition • Retention tied to workflows and business processes • Manage physical, electronic and federated records • Provides certified records management
  • 13. Business Challenge: eDiscovery • Skyrocketing costs of collecting information • Too much dependence on 3rd party solution providers • Inability to consistently apply and enforce policy on electronically stored information • High risk and sanctions • Ubiquitous nature of litigations and internal investigations/audit • Gap between Legal and IT
  • 14. Simplify eDiscovery … Shift from reactive to proactive • Respond in a quick and cost-effective manner to eDiscovery requests • Provide Early Case Assessment • Implement a repeatable business process that minimizes eDiscovery and compliance costs • Roll out an accurate and defensible eDiscovery process with complete audit and chain of custody
  • 15. Business Challenge: Uncontrolled Content Growth • “Ungoverned” information growing in Microsoft SharePoint, Microsoft Exchange, Lotus Domino and File Shares • Cost of Primary Storage • Backup and Recovery SLAs
  • 16. Cut Costs … Preserve user experience • Reduce storage requirements by as much as 50% and improve backup operations • Improve performance & scalability by up to 60% • Accelerate upgrades and migrations • Consistently apply and enforce retention and disposition policies • Eliminate personal archives
  • 17. Modular: • Modular approach • Apply to in-place unstructured content throughout the organization. Consistent: • Identify risky and obsolete information • Make sound decisions and policies. Repeatable: • Repeatable in-house solution for response and readiness • Reduce review costs up to 90%. Flexible: • Set retention across all content • Reduce costs by 50% or more • Makes archiving “smarter”
  • 18. Summary • Information governance is a foundational element of eGRC that results in organizations gaining visibility, managing risk, simplifying eDiscovery and reducing costs • eGRC requires a holistic approach spanning multiple technologies and consulting • Organizations can take a modular approach to eGRC in general and Information Governance in particular
  • 19. Q&A
  • 20. Resources • www.emc.com/EMC SourceOne: “Do More with the Power of EMC SourceOne” • Press releases • Analyst reports • Video and audio events • Demonstrations • Data sheets • www.emc.com/grc “See more, Act faster, Spend less” • www.emc.com/EMC SourceOnecity “The Next Generation of Information Governance” • White Paper: Enterprise Governance, Risk and Compliance: A New Paradigm to Meet New Demands
  • 21. THANK YOU
