E-Mail Compliance Frameworks in the Real World

  1. Why We Are Here: What compliance and governance is and why you should care; Distinguishing Myth from Reality; Going Beyond “Just Good Enough” Approaches; Introduction to Compliance Frameworks; Balancing Competing Frameworks: Apples & Oranges?; Implementing Compliance Frameworks; E-Mail Management Issues to Be Addressed; On-Line resources; What do you need to take home?
  2. Why Are We Here?
  3. We don’t want to be…
  4. We want to know how far it is to the hole…
  5. Disclaimers
  6. Compliance is Everywhere: At last count, there are at least 200 international regulatory & legal drivers that must be complied with as tracked by IBM Business Consulting Services
  7. Compliance is Everywhere: Sarbanes-Oxley; FTC; SEC rule 17a-4; Patriot Act; European Union Privacy Laws; California Security Breach Notice Law; FDA; BASEL II; FMFIA; HIPAA; FISMA; Financial Services Modernization Act of 1999 (GLBA, Gramm-Leach-Bliley Act, Title V)
  8. Compliance is Everywhere: And it makes C-Level executives and their employees want to just…
  9. Compliance is Everywhere: Corporate Governance is not an option… Resistance is not only futile…
  10. Compliance is Everywhere: …but can take you from this…
  11. Compliance is Everywhere: …to this
  12. Terms and Definitions
  13. Elements of Governance
  14. Elements of Governance
  15. Information technology is so embedded in the operations of an enterprise that strong IT Governance is needed to support corporate governance objectives and compliance requirements.
  16. Business Goals, objectives and specific requirements drive IT, not the other way around
  17. COBIT Copyright The Information Technology Governance Institute, All rights reserved. Used with permission
  18. [Diagram labels] Business Governance; IT Governance; (IT Strategy and Policy); (IT Control, Risk and Assurance); Requirements; Direction; Control; Goals; Responsibilities; Objectives; Information; Business Needs to Achieve Its Objectives
  19. [Diagram labels]
      • IT Resources: Data; Application Systems; Technology; Facilities; People
      • Information: Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance; Reliability
      • Domains: Plan and Organise; Acquire and Implement; Deliver and Support; Monitor and Evaluate
  20. [Diagram labels]
      • IT Resources: Data; Application Systems; Technology; Facilities; People
      • Information: Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance; Reliability
      • Plan and Organise: PO7 manage human resources; PO8 ensure compliance with external requirements; PO9 assess risks; PO10 manage projects; PO11 manage quality
      • Acquire and Implement: AI1 identify automated solutions; AI2 acquire and maintain application software; AI3 acquire and maintain technology infrastructure; AI4 develop and maintain procedures; AI5 install and accredit systems; AI6 manage changes
      • Deliver and Support: DS4 Ensure continuous service; DS5 Ensure systems security; DS7 Educate and train users; DS8 Assist and advise IT customers; DS9 Manage the configuration; DS10 Manage problems and incidents; DS11 Manage data
      • Monitor and Evaluate: M1 monitor the processes; M2 assess internal control adequacy; M3 obtain independent assurance; M4 provide for independent audit
  21. Control Process PO6 – Control over the IT process of communicating management aims and direction that satisfies the business requirement to ensure user awareness and understanding of those aims is enabled by policies established and communicated to the user community; furthermore, standards need to be established to translate the strategic options into practical and usable user rules and takes into consideration:
      • clearly articulated mission
      • technology directives linked to business aims
      • code of conduct/ethics
      • quality commitment
      • security and internal control policies
      • security and internal control practices
      • lead-by-example
      • continuous communications programme
      • providing guidance and checking compliance
  22. Questions, Comments, and Discussion. How to Contact Me: Christopher Byrne, iscontrolscaddy@gmail.com. Techies Cartoon Copyright 2000 Jeff Larson, All Rights Reserved, Permission Pending
