The Information Office

A presentation on the functioning of an Information Systems Department whose functions include Compliance, Control, Systems & Processes.

Published in: Technology


  1. The Information Office: Compliance, Control, Systems & Processes. A presentation on the functioning of an Information Systems Department. Mahesh Patwardhan, Digital and New Media Consultant.
  2. Organization, roles and responsibilities
  3. Organization
  4. Responsibilities. The main functions of the Information Office are:
     • Establishment of the Compliance Office and the Information Security Office (ISO)
     • ITGC Implementation – SOX
     • Standardized MIS – Cubot
     • Realtime Web Analytics – Omniture
     • Revenue Recognition Systems – ART
     • Workflow Systems (AdSales ACA)
     • RDS – Automated Deployment System
     • BDMT – Batch Deployment and Monitoring
     • Realtime Web Analytics/Reporting – RWA/R
     • Integrated WFS-Campaign Control – WFS-CC
     • Sales Force Automation (Salesforce.com)
     • Integrated P4C-DSA Sales Automation (Salesforce.com)
     • Marketing Automation (Talisma Marketing)
     • Access-Control Automation
     • HelpDesk System
  5. Objectives
     • To move from a state of low/no control to a SOX and ITGC compliant organization, through the following stages:
       – Low/No Control – ITGC
       – SOX 404 – GCC
       – Policies
       – Procedures
       – Systems
       – Reviews
       – Audits
       – Internal Control Framework
       – Internal Testing and Attestation
     • To move from a manual-process organization to an automated, process-oriented, systemic organization
  6. Objectives (current manual practice – target system)
     • Email/phone support – Talisma CS
     • DB query shopper list – Talisma Marketing Automation
     • MIS:8080 / ad hoc reports – Cubots
     • WebTrends – Omniture
     • WebTrends – Realtime Web Analytics
     • Sales leads (notepad) – SFA
     • Contract email approvals – WFS
     • Manual campaign schedule – WFS-CC
     • Excel sheet revenue recognition – ART
     • Manual entry in SunSystems – ART-SunSystems integration
     • Everybody deploys (uploads) – CMR/RDS
     • End-user alerts on batch jobs – BDMT
     • Manual access control – Access Control System
     • Informal bug reporting – HelpDesk System
  7. Roles – as Chief Compliance Officer
     • Manage the Compliance Office and implement ITGC
     • Own all policies and procedures
     • Manage reviews:
       – Logical access reviews
       – Segregation of duties reviews
       – Infrastructure reviews
       – Data center and network security review
     • Internal audit schedule
  8. Roles – as Chief Information Security Officer
     • Manage the Information Security Organization
     • Own the Risk and Control Matrix
     • Conduct risk assessment and planning
     • Security and access control
     • Conduct security audits and reviews
  9. Roles – as Director, Information Systems
     • Identify which applications create the most value for the business, and build and deliver them on time and on budget
     • Roadmap and manage the lifecycle
     • Direction, planning, reviews
     • Systems implementation
     • Ensure compliance in all implementations
     • Manage partner relationships
     • Develop partners
  10. Compliance and Control
  11. Responsibilities. The Compliance and Control Office is responsible for the following:
     • Information Security
     • Access Control
     • Change Management
     • Systems, Network and Data Security Reviews and Audits
     • ITGC – Policy & Control: maintain policy and control documentation
       – Policies: IT Security Policy, Access Control Policy, IT AUP, Data Backup/Restore Policy, Change Management Policy
       – Control documents: Application Authorization Matrix, Batch Jobs Document, End-User Computing Traceability Matrix, Computing Resources Authorization Matrix
     • Conduct risk assessment; maintain the Control/Risk Matrix
     • Communications and Monitoring
  12. Internal Control Framework. The Internal Control Framework shows the controlling processes and procedures used to achieve compliance and control in the organization.
  13. Information Security – Information Security Office. The Information Security Office is responsible for:
     • implementing the security policies
     • conducting information security meetings
     • conducting security and access control reviews
     • communicating security policies
     • conducting security awareness sessions in the organization
     • defining processes for, and reviewing the monitoring of, system, network and data security implementations
     • conducting internal security audits on a periodic basis
  14. …Information Security – Chief Information Security Officer. Responsibilities are:
     • Implement policies: Information Security Policy, Access Control Policy, Backup/Restoration Policy
     • Conduct Information Security Office meetings; all meetings to be recorded (minutes of meeting, MOM)
     • Conduct reviews of the Security, Access Control, AUP, Backup & Restore and DR policies
       – Record all policy reviews (MOM)
       – Policies to be updated and approved
       – Updates to policies to be logged
       – Publish a review schedule
  15. …Information Security
     • Communication
       – Information Security Policy and Access Control Policy updates to all employees periodically
       – HR training calendar for Security and Appropriate Usage sessions
       – Conduct Security Awareness and Appropriate Usage sessions for new joiners
     • Monitoring
       – Review of system exception logs, unauthorized logins and authorized-user lists
       – All reviews to be logged, and the review reports with findings signed off on
       – Action-taken report to be reviewed and signed off on
       – Publish a review schedule
  16. …Information Security
     • Define
       – Data Backup/Restoration Process
       – Recovery Testing Process
       – Data securing process (tape-to-bank)
     • Review
       – Data Backup/Restoration Process
       – Recovery Testing Process
       – Data securing process (tape-to-bank)
       – Backup/Restoration/Recovery Testing Log Sheet
       – Monthly Tape-To-Bank Log Sheet
       – All reviews to be recorded (MOM)
       – Publish a review schedule
  17. Access Control
     • Centralized Access Control – Systems: Ad Server, Sun Systems, Cubots, ART, ACA, Omniture, SFA, Talisma, OTS / MIS:8080 / Vendors, Domain, Email
     • Review
       – All authorized requests for addition/deletion
       – Application Authorization Matrix maintenance
       – All authorized requests for root and privileged access
       – Server Access Authorization Matrix maintenance
       – Reviews to be recorded (MOM)
  18. …Access Control
     • User management of defined servers
       – All authorized requests for addition/deletion to be maintained
       – Application Authorization Matrix maintenance
       – All authorized requests for root and privileged access to be filed and maintained
       – User management of servers not in scope is owned by the NOC
       – Server Access Authorization Matrix maintenance
       – Access logs, authorized requests and the authorization matrix to be reviewed periodically
       – Owner: Manager – Process & Control
     • Centralized Access Control – Systems
       – Ad Server, Sun Systems, Cubots, ART / WFS
       – OTS / MIS:8080 / Vendors
       – Domain / Email
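The periodic review that slides 17 and 18 call for (reconcile each system's actual accounts against the Application Authorization Matrix, confirm that every root or privileged account has a filed request behind it, and check the segregation-of-duties pairs from slide 7) is mechanical enough to script. The following is an added example, not code from the presentation or its author; the data shapes, the set of roles treated as privileged, and every user, role and system value in the sample are constructed for illustration.

```python
"""Logical access and segregation-of-duties review.

Added example; not code from the presentation or its author. It reconciles
each system's actual account/role export against the Application
Authorization Matrix, checks that every root or privileged account is backed
by a filed request, and flags role pairs that violate segregation of duties.
All data shapes, names and sample values below are constructed.
"""
from dataclasses import dataclass

# Roles treated as root/privileged access (assumption for the example).
PRIVILEGED_ROLES = {"root", "admin", "dba"}


@dataclass(frozen=True)
class Finding:
    app: str
    user: str
    kind: str       # one of the five kinds produced in review_access()
    detail: str = ""


def review_access(matrix, actual, privileged_requests, sod_rules):
    """Return findings from comparing authorizations with actual accounts.

    matrix:              {app: {user: set(roles)}}  - Application Authorization Matrix
    actual:              {app: {user: set(roles)}}  - account export pulled from each system
    privileged_requests: {(app, user)}               - filed, approved privileged-access requests
    sod_rules:           {app: [(role_a, role_b)]}   - roles one person must not hold together
    """
    findings = []
    for app in sorted(set(matrix) | set(actual)):
        authorized = matrix.get(app, {})
        present = actual.get(app, {})
        # 1. Account exists but is not in the matrix: added without an authorized
        #    request, or a leaver whose deletion request was never executed.
        for user in sorted(set(present) - set(authorized)):
            findings.append(Finding(app, user, "unauthorized_account",
                                    ",".join(sorted(present[user]))))
        # 2. Matrix grants access that no account holds: the matrix is stale.
        for user in sorted(set(authorized) - set(present)):
            findings.append(Finding(app, user, "stale_authorization"))
        # 3. Account holds roles beyond what the matrix grants.
        for user in sorted(set(present) & set(authorized)):
            extra = present[user] - authorized[user]
            if extra:
                findings.append(Finding(app, user, "role_drift", ",".join(sorted(extra))))
        # 4. Root/privileged access with no filed request behind it.
        for user, roles in sorted(present.items()):
            priv = roles & PRIVILEGED_ROLES
            if priv and (app, user) not in privileged_requests:
                findings.append(Finding(app, user, "unrequested_privilege",
                                        ",".join(sorted(priv))))
        # 5. Segregation of duties: one person holds both roles of a conflicting pair.
        for user, roles in sorted(present.items()):
            for role_a, role_b in sod_rules.get(app, []):
                if role_a in roles and role_b in roles:
                    findings.append(Finding(app, user, "sod_conflict", f"{role_a}+{role_b}"))
    return findings


def summarize(findings):
    """Count findings per kind, for the signed-off review report."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample data (not real systems or people).
SAMPLE_MATRIX = {
    "ART": {"asha": {"rev_entry"}, "bala": {"rev_approve"}, "chen": {"viewer"}},
    "SunSystems": {"asha": {"gl_post"}, "dba01": {"dba"}},
}
SAMPLE_ACTUAL = {
    "ART": {"asha": {"rev_entry", "rev_approve"}, "bala": {"rev_approve"},
            "temp_contractor": {"viewer"}},
    "SunSystems": {"asha": {"gl_post"}, "dba01": {"dba"}, "ops": {"admin"}},
}
SAMPLE_PRIVILEGED_REQUESTS = {("SunSystems", "dba01")}
SAMPLE_SOD_RULES = {"ART": [("rev_entry", "rev_approve")]}


def run_sample():
    return review_access(SAMPLE_MATRIX, SAMPLE_ACTUAL,
                         SAMPLE_PRIVILEGED_REQUESTS, SAMPLE_SOD_RULES)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.app:10} {f.user:16} {f.kind:22} {f.detail}")
    print(summarize(run_sample()))
```

The output is the list of exceptions the review meeting has to dispose of and record in its minutes: each finding names the system, the account, and the control it breaches, so the action-taken report can be checked against it at the next review. The sample deliberately contains one case of each kind, including a user who accumulated both the revenue-entry and revenue-approval roles in ART, which the matrix never granted.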
  19. Change Management
     • Periodic review of:
       – the Change Management process
       – change requests submitted
       – change request approvals
       – pending deployments
     • Conducting periodic review meetings and documenting the findings of the review
     • Reviewing reports with recommendations for remediation submitted, and approving the recommendations
     • Ensuring that the approved recommendations are carried out
     • Reviewing the remediation carried out, approving and signing off on it
  20. Policy Management
     • Policy reviews and updates
     • Schedule for ISC and policy reviews
     • Conduct reviews, report submission
     • Report approvals; policy updated and approved
  21. Systems
  22. Systems
  23. Business Productivity Systems
     • Revenue Reconciliation and Settlement Systems
     • Ad Sales Contract and Credit Approval System
     • ART – AdSales / ECom / Mobile / Subs
     • Common Accounts Manager
     • Business Analytics Systems
     • Realtime Web Analytics System
  24. Change Management & Access Control Systems
     • Applications Deployment System (RDS)
     • Batch Deployment & Monitoring System (BDMT)
     • Access Control System
     • Help Desk / Problem Management System
  25. Partner Relations
  26. Partner Relationship Management
     • Partner evaluation: evaluate partners for consultancy, software development or solution implementation
     • Partner acquisition: negotiate with the shortlisted partners and complete the NDA and the agreements
     • Relationship management: manage the relationship so as to derive the maximum benefit and ensure that projects are delivered on budget and on schedule
  27. Project Management
     • Ensure project delivery by managing the stages of delivery: planning, execution, review, acceptance test, change management
     • Project management methodology
       – SDLC: Project Plan / RA / FS / SD / UAT
       – Change management: SCR / CMR / CVS / RDS
  28. …Project Management
     • Project documentation
       – RS / FS / DD / UAT / User Guide
       – Implementation & Ops Manual
     • Customer management
       – Requirement analysis / change request process
       – Acceptance on RA/FS
       – UAT
       – Training and support
  29. Closing slide (repeats the title slide).
