It Service Offeringsrbv1.5

SOAProjects, Service Offering
Technology and Risk Management Services

  • It Service Offeringsrbv1.5

    1. 1. Global Partnering & Team Solutions Connect to Client Excellence
    2. 2. Service Expectations Align the Team Client SOAProjects Structured Relationship Knowledge and Insights Customized Solutions Business Imperatives Issues Needs Risk Relationship
    3. 3. Providing Technology and Engineering Risk management services, we help clients seize opportunities for growth and profitability while protecting them from risk. Mobilizing our resources effectively and through our network of offices in US, Europe and Asia, SOAProjects manages projects in global multi-billion dollar technology companies.
    4. 5. IT Strategic Planning Business Process Management Reliability Confidentiality Availability Integrity Effectiveness Efficiency Application Solutions Security Program Management Business Continuity – Disaster Recovery Governance, Risk Management and Compliance People Technology Process IT Controls Optimization IT Service Management User Provisioning Change Management Segregation of Duties Certification Readiness IT Controls Self-Assessment
    5. 6. IT SERVICE OFFERINGS
        - The Technology Risk and Management Services (TRMS) technology experts help you assess and establish appropriate safeguards for your information systems.
        - It is crucial to identify and understand your risks and to create a plan of action.
        - Our model identifies the risks and factors affecting your Company’s IT environment and considers your overall business requirements:
            - Effectiveness
            - Efficiency
            - Confidentiality
            - Integrity
            - Availability
            - Compliance
            - Reliability
    6. 8. Governance Risk & Compliance (GRC) Business Process Management & SOX IT Optimization IT Service Management ITSM ITILv3 Application Solutions (SAP, Oracle, Package Selection) Certification Readiness Information Security Management ISM
    7. 9. Business Process Management & SOX IT Optimization IT Service Management ITSM ITILv3 Application Solutions (SAP, Oracle, Package Selection) Certification Readiness Information Security Management ISM Management Advisory Strategic Planning & Risk Management
    8. 10. Governance Risk & Compliance (GRC) Application Solutions (SAP, Oracle, Package Selection) Certification Readiness Information Security Management ISM Management Advisory Strategic Planning & Risk Management
    9. 11. Governance Risk & Compliance (GRC) Business Process Management & SOX IT Optimization Application Solutions (SAP, Oracle, Package Selection) Certification Readiness Information Security Management ISM Management Advisory Strategic Planning & Risk Management
    10. 12. Governance Risk & Compliance (GRC) Business Process Management & SOX IT Optimization IT Service Management ITSM ITILv3 Certification Readiness Information Security Management ISM Management Advisory Strategic Planning & Risk Management
    11. 13. Governance Risk & Compliance (GRC) Business Process Management & SOX IT Optimization IT Service Management ITSM ITILv3 Application Solutions (SAP, Oracle, Package Selection) Information Security Management ISM Management Advisory Strategic Planning & Risk Management
    12. 14. Governance Risk & Compliance (GRC) Business Process Management & SOX IT Optimization IT Service Management ITSM ITILv3 Application Solutions (SAP, Oracle, Package Selection) Certification Readiness Management Advisory Strategic Planning & Risk Management
    13. 16. GRC Platforms Oracle, SAP, ERP, EMS
        - Governance Risk and Compliance are not just buzzwords. Our real-world experience, thought leadership, methods and tools add to your absolute solution for a mature and ongoing program of GRC.
        - Every client has unique goals and capabilities. Typical engagements include:
            - Policy Baseline
            - Configuration Management Database and Service Oriented Architecture – CMDB SOA
            - Control Self Assessment - CSA
            - Enterprise Risk Management - ERM
    14. 17. RunBooks Identify Expected and KEY Services + Systems = Establishing a Technology Baseline Supporting Critical Automated Business Controls Policy Mapping is the Foundation of Actionable, Auditable Control Assessment Reviews CMDB – Configuration Management Alignment To Security Policy and Service Standards (such as the selected control frameworks) RiskWatch* iterates the gap between Policy, Standards and Business Realities Each stage leverages different, but existing audit information *RiskWatch is a project management process explained by Robert Merch in his text book “Project Management, Best Practices for IT Professionals” SOAProjects owns and implements tools to facilitate adopting this approach.
    15. 18. Organizations face challenges that drive the need for IT governance:
        - Keeping IT running
        - Delivering value to customers
        - Managing IT costs
        - Master complexity
        - Align IT with business
        - Ensure regulatory compliance
        - Manage security
        © ISACA CobiT Foundation™
    16. 21.
        - Reduces operational expense through streamlined control structures
        - Identifies cross-enterprise risks
        - Aligns risk appetite and corporate strategy
        - Enhances efficient risk response and rapid consistent decisions
        - Seizes opportunities to prevent loss, rather than repair loss
        - Improves the deployment of capital
    17. 22. Enterprise risk management is:
        - A process, ongoing and flowing
        - Effected by people at every level
        - Applied with a strategy in a specific setting
        - Applied across the enterprise
            - at every level and unit, and
            - includes taking an entity-level portfolio view of risk
        - Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
        - Able to provide reasonable assurance to an entity’s management and board of directors
        - Geared to achievement of objectives in one or more separate but overlapping categories
        Enterprise Risk Management — Integrated Framework Executive Summary Copyright © September 2004 by the Committee of Sponsoring Organizations of the Treadway Commission.
    18. 23. Enterprise Risk Management helps business leadership achieve the organization’s performance and profitability targets.
    19. 24. Quarterly Business Review Compliance Hot-Line IT RiskWatch Assign Risk Manager Board Reports Vulnerability Threat & Vulnerability Analysis Input risk details and status log Residual Risk Program RiskWatch Corporate RiskWatch Risk Meeting IT Steering Committee
    20. 25. Automation of Audit Function
        - Changes in the risk landscape are rapid, dynamic and cannot be managed by manual process.
        - Corporate audit function costs continue to rise due to increasing threats and events.
        - Greater efficiency and cost effectiveness are achieved by:
            - Automating audit processes
            - Better monitoring tools and techniques
            - Training key compliance team members
        Our Approach
        - SOAProjects uses a risk based approach.
        - We assess your finance and IT environment, identifying greatest opportunities for automation.
        - We provide Data Mining and Data Analytical tools and techniques that are leveraged by training the internal audit and key contributing members of the client organization.
    21. 26.
        - Culture of change management
        - Culture of causality
        - Culture of compliance and desire to continually reduce variance
    22. 27. Change Management’s Relationship to Governance
    23. 28.
    24. 29. IT SERVICE OFFERINGS
    25. 30.
    26. 31. IT SERVICE OFFERINGS
    27. 32.
        - Build and Maintain a Secure Network
        - Protect Cardholder Data
        - Implement Strong Access Control Measures
        - Regularly Monitor and Test Networks
        - Maintain a Vulnerability Management Program
        - Maintain an Information Security Policy
    28. 33. “ISO/IEC 27001:2005 implements effective information security management in compliance with organizational objectives and business requirements. Risk-based specification designed to take care of information security aspects of corporate governance, protection of information assets, legal and contractual obligations as well as the wide range of threats to an organization’s information and communications technology (ICT) systems and business processes.” (re-number ISO/IEC 17799 as ISO/IEC 27002)
    29. 34.
        - Initiate
        - Understand Define Information Security Policy
        - Initial Information gathering
        - Define
        - ISMS
            - Security Manuals
            - Procedures
            - Guidelines Templates
        - Assess
            - Risk Analysis Ranking
            - Risk Management
        - Develop
            - Controls Identification & Development
        - Readiness
            - Statement of applicability
            - Assistance in Implementation and Certification Process
    30. 35.
    31. 36. ISO - Performance of the organization
        - Proper Corporate Governance of IT assists directors to ensure that IT use contributes positively to the performance of the organization, through:
            - Appropriate Implementation And Operation of IT Assets
            - Clarity of Responsibility And Accountability For Both The Use And Provision of IT In Achieving The Goals of The Organization
            - Business Continuity And Sustainability
            - Alignment of IT With Business Needs
            - Efficient Allocation of Resources
            - Innovation In Services, Markets, And Business
            - Good Practice In Relationships With Stakeholders
            - Reduction In The Costs For An Organization
            - Actual Realization of The Approved Benefits From Each IT Investment
        INTERNATIONAL STANDARD ISO/IEC 38500
    32. 37. Compliance Resources Services Risk Compliance frameworks are designed to make companies more successful by reducing operating cost and risk while optimizing service delivery. If a framework can’t achieve this, it is the wrong framework. define execute measure
    33. 38. Assistance In All The Following Areas Which Are The Building Blocks For SOX Compliance
    34. 39.
        - Data warehousing Design and Development
        - Business Intelligence
        - Enterprise Application Integration (Middleware)
        - Application database porting
        - ERP applications – Implementation and support
    35. 40. Once production processes are stable and accepted, SOAProjects provides documentation and knowledge transfer
    36. 43. $ $ Value Drivers
    37. 44. Custom Scripts C, C++, SQL ETL Extract, Transform, Load Informatica See Commerce Oracle DW Builder Micro strategy Sales and Marketing Accounting & Finance Human Resource Systems Customer Relationship Management Oracle SQL Sybase Informix Other Data Sources Metadata Reference Tables Customer Service Oracle Target Data Warehouse
    38. 45. Breadth of Services (180+ Consultants + over 10 years experience) Depth of Experience (Rich Industry Experience with average of over 10 years) Partnerships & Alliances (Best of Breed, wide Spectrum of Products) Cost Effective Solutions (Our rates are typically 30-50% lower than most other auditing/consulting firms) Complete Solution Scalable & Robust Solution Versatile & Qualified Solutions Tangible Cost Benefits
    39. 46. About Robin Basham, M.Ed, M.IT, CISA, ITSM, CGEIT Director, Enterprise Governance Risk & Compliance Robin Basham is recognized across several major industries as an ICT Enterprise and GRC expert. With experience in Data Center Design and Implementation, Enterprise Solutions from data driven workflow systems to infrastructure and compliance, Ms. Basham is positioned to assist SOAProjects clients in Green Tech initiatives, aligning with every aspect of the IT Enterprise. Director Regulatory Consulting, International Standards Expert, Operations Officer, Master Educator Certifications & Accreditation ITIL, CobiT, Networking, Security Steering Committees - ISACA, OASIS, OMG, Degrees include two Bachelors from the University of Massachusetts, Amherst, a Master’s from Lesley College in Cambridge, and after 13 years working in Information Technology, a second Masters in Enterprise Technology from American InterContinental University. Projects include facilitating regulatory compliance within Siemens, Raytheon, CitiStreet, The Options Clearing Corporation, Financial Times Interactive Data, State Street, SanDisk, CA, AON, Pegasystems, Informa, Journal Communications, Sharp, MA/Com, and OmniVision Technologies Contact: [email_address]
        About Alan Chipman Director, Information Technology Practice Alan graduated from Brigham Young University with a Masters of Accountancy with an emphasis in Information Systems auditing in 1989. A founding member of the Systems and Process Assurance group (SPA) IT audit and controls consulting practice in the PwC San Jose office, Alan is recognized for growing that team from zero to over 90 people during his ten years there. Leading Bay Area clients through all of their information and regulatory requirements, his 19 years have included businesses Hewlett-Packard, Nike, Agilent Technologies, Borland, State Compensation Insurance Fund, Logitech, LSI Logic, Varian Medical, Varian Inc., and Chevron. Alan’s first degree was a Bachelor of Science in Accounting and Minor in Music Theory. His expertise crosses Industries: Computers and Networking, Software and Internet, Bio Tech, Utilities, Oil & Gas, Insurance, Semiconductor Contact: [email_address]
    40. 47. IT SERVICE OFFERINGS
        - SOAProjects, established in 2004, began as a team of Big Four alumni possessing CPA, CISA, CISSP, CISM and CFE background. In the half decade since, this model has attracted talent from leading Compliance and Information Service firms worldwide.
        - Specializing in supplying resources for projects where little or no specifications were available, SOAProjects rapidly distinguished itself as Service Oriented, assuring Success Over All Projects.
        - Our flexible approach operates on a basic principle: What you need is what you get. We deliver cost effective services specifically tailored to meet your unique environment and objectives.
        - Entirely comprised of experienced, dedicated risk and controls professionals, SOAProjects provides a complete Information Security Assessment, Sarbanes Oxley Compliance Solution, ERM Application and Enterprise Governance Risk and Compliance Services.
        - SOAProjects consultants are selected from among Senior Managers, Directors and Partners working within the Big Four, as well as our industry’s most reputable firms in Information Audit and Enterprise Compliance.
    41. 48. Your Needs Our People Winning Solution CONTACT: Alan Chipman | Robin Basham 495 N. Whisman Road, Suite 500 | Mountain View, CA 94043 Tel: 650 960 9900 | Fax: 650 960 2400 WWW.SOAProjects.com
