This week in governance, risk and compliance brings us partnerships, advice and lessons learned from the recession.
And the Oscar Goes to...
If it's good enough for the golden statuette it's good enough for Agiliance, or at least that's what they're counting on. Agiliance Inc., a leader in integrated GRC, has announced a "joint business relationship" with PricewaterhouseCoopers LLP. The partnership will provide joint marketing, sales and delivery of solutions aimed at helping to automate customers' expensive manual processes for meeting increasingly stringent government and industry mandates.
Both entities bring a vast set of tools to the table, namely Pricewaterhouse's domain experience in GRC, internal controls, and information security consulting services and Agiliance's market leading technology for the open, scalable delivery of GRC automation.
ZDNet's Ben Goodman writes about the unfortunate reality that is security and regulatory compliance. He says that companies aren't able to ensure the security of their systems because they "have not tackled security and compliance as the systemic challenges they are." Goodman offers some pearls of wisdom for those in need. He recommends:
- putting in place the security and compliance policies that make sense for the organization, and then leveraging the technology to automate security and policy compliance enforcement and validation
- mapping internal polices to the requirements of specific regulations, regulatory compliance efforts can be streamlined while reducing risk.
Goodman's advice is definitely worthy of every company's time and should be on everyone's required reading before tackling GRC.
Don't Cutback on Compliance
While unpleasant, layoffs and cutbacks are the reality of living in a down economy. Layoffs also put many companies at risk for security breaches. A recent a Breach Security survey of 180 IT security professionals which indicated that not only are layoffs imminent but that the reduction in force has impacted their security organization's ability to adequately protect the enterprise. Coincidentally, attempts to hack information often go unreported, either because they lack the proper controls and staff for monitoring security leaks.
To avoid embarrassing compromises to your information systems, look beyond minimum requirements aimed at pleasing auditors, and aim to protect customer and corporate data, as well.