Beijaflore inc. white paper IT compliance program v1.0
1. CYBER RISK & SECURITY
4 steps to transform Compliance nightmare into a smooth journey
IT risk, Data Privacy & Cyber Security compliance
NOV 9th 2017
Whitepaper lead - Maxime de Jabrun
Key contributors - Boris Mallet, Laurent Cordival, Julien Pinot
11. Cyber Risk & Security 11 Copyright Beijaflore Group
INTEGRATE ALL COMPLIANCE PROGRAMS IN A GLOBAL STRATEGY & CYBERSECURITY PROGRAM
• All compliance requirements should be managed through a standard Group approach: local entities should not manage each compliance program alone
• Compliance mapping:
– The Group should have an overall view of local compliance regulations, fed by each entity
• Regulation requirements mapping with internal policies:
– The Group needs to update internal policy to ensure coverage of its organization's full scope
• Implementation programs/project steering:
– Depending on Group governance & operational efficiency and milestones
• Reporting to authorities:
– A central global GRC solution as-a-service, with a single point of contact for each authority
Look for other compliance or business initiatives to reuse when deploying compliance programs, to minimize additional budget and awareness/change management
INVOLVE CORPORATE LEADERSHIP ON COMPLIANCE INITIATIVES AND BUILD EFFICIENT COMMUNICATION
• Compliance programs require corporate leadership and commitment to be effective
– Corporate programs require transversal involvement
– Group entities & departments are more likely to be collaborative if compliance programs are sponsored by top-level management
• Corporate leaders & compliance officers should provide efficient communication through:
– Policies and Procedures
– Training & awareness materials
– Disciplinary guidelines
– Standards
Involve top management in compliance initiatives to gain Group support
The compliance project team needs high seniority to be able to communicate with top management
DRIVE THE COMPLIANCE PROGRAMS PLANNING THROUGH MATURITY LEVELS AND ITERATIVE IMPLEMENTATION OF EACH PROJECT
[Figure: axes "Technical asset" and "Organizational scope"; steps: Prototype, Expansion, Finalization]
• Assess your organization's process maturity using 5 maturity levels
– 5 – Optimized
– 4 – Controlled
– 3 – Defined
– 2 – Repeatable
– 1 – Heroic
• Use a 3-step iterative implementation for each initiative, based on:
– Requirements
– Organizational scope: start with a compliance-mature entity
– Technical assets: start with “easy” assets to quickly show results
PRIORITIZATION THROUGH 3 STEPS
1 – sections with short-term deadlines + improve low-maturity sections up to DEFINED
2 – maturity to reach CONTROLLED level on all processes
3 – Optimized compliance
MONITOR NON-COMPLIANCE TO PEACEFULLY PRIORITIZE ACTIONS
[Figure: matrix of "Maturity level of non-compliance" (Low to High) against "Ease to implement" (Low to High), with items numbered 1 to 18]
Use one global referential to ease internal change management, global arbitration and reporting
# requirement/section maturity level
# points of conformity
Risk matrix (non-compliance risk vs ease to implement actions)
Act quickly on the easy-to-implement / high-impact-on-compliance actions
Monitor non-compliance
PREPARE COMPLIANCE SELF-ASSESSMENT TOOLS AND CAPABILITY TO DEMONSTRATE COMPLIANCE TO AUTHORITY
ASSURANCE LEVELS
1. Declarative statement
2. Controlled statement
3. Automatic tool
4. Certified automatic tool
• Define assurance maturity levels for self-assessment
– Promote automated assessment through your organization
• Prepare compliance self-assessment tools (dashboards, questionnaires, Excel sheets, forms, etc.)
• Identify means and capability to demonstrate compliance to external/internal authority
• Prepare & maintain list of evidence related to compliance for authorities
• Define process for compliance certification to authority when applicable
• Work with internal Audit teams when possible / applicable
Self-assessment allows for steering of initiatives and quick decision-making