M Hotel Singapore, 28 September 2018
OpenGov, in collaboration with ACL, is bringing Mark Bowry, Radio and Regional Business Lead, to Singapore for an exclusive Breakfast Insight session on integrating IT governance into business strategy.
Interested in getting the Agenda for this event? Request a copy from our staff (firstname.lastname@example.org):
● How mapping and tracking policies, key controls, systems, processes and people (ideally in one place) can help you assure the board and senior management that the Information System and risks are effectively managed
● Addressing regulatory requirements and reducing compliance pressure will help minimise the risk exposure while remaining compliant
● Avoiding data breaches, data loss/theft and data drift by monitoring access privileges in real time to ensure that the privileges are up to date
● Securing data based on Data Privacy Regulations to ensure that management of information is efficient, timely, secured and compliant with regulations
● Overcoming the challenge to evolve and adapt to the General Data Protection Regulation (GDPR)
● Ways to manage and secure network and storage to safeguard against cyberthreats, while ensuring that information is safe by adopting a centralised platform
● Re-establishing stronger evaluation and management for vendors throughout the whole lifecycle of the project by evaluating performances and ROI regularly
“We have seen decision makers dismiss data governance work during (the) project implementation phase, assuming it can be saved for later. This is precisely the type of thinking that leads to a lack of data governance and the entry of cyberattacks”
– Mr Ng Hoo Ming, Deputy Chief Executive of Operations, Cyber Security Agency Singapore
Today’s organisations are struggling to deal with the governance impact of digital disruption. Any digital footprint can be tracked, and bad practice and poor governance inevitably rise to the surface with brand-destroying potential. Governance, Risk and Compliance (GRC) issues form the proverbial thorn in the elephant’s foot, and it’s going to take more than a mouse to get it out.
Governance, Risk and Compliance (GRC) work hand in hand. In Information Technology, the way data and technology are managed is mostly based on the risks faced and on adherence to regulatory compliance.
GRC efforts must be more strategic, guiding how the entire organisation operates.
Employing multiple, duplicate systems in your organisation inevitably opens up various points of contention during IT auditing, including, but not limited to, inaccurate and/or false reports.
Subsequently, this will cause misinformed decision making. Now picture an organisation that has no IT risk management with a perception that simply having IT makes everything better. An organisation could be staring at multi-million losses just because of a single system breach or malfunction.
Earlier this year, a giant social media platform fell under scrutiny for not governing and securing its users’ data properly. Users’ data were collected and, without their knowledge, sold to undisclosed third-party companies, with the misguided perception of unmalicious intent. However, this lack of data governance and protection has placed the platform under the spotlight, battling impending lawsuits and facing the risk of closure. Most importantly, it has slowly lost the trust of its users.
How can we deliver strategic value while regulating, monitoring and governing our IT systems?
Internally, there are many issues dealt with by IT heads in organisations. Sometimes it is challenging to maintain oversight across risks and compliance when using multiple systems, which could also lead to failure to meet regulations or contractual requirements. There are cases where organisations employ numerous systems, causing data silos which could also cause IT auditing issues. These taxing tasks, however, could be managed in a single place to avoid more difficulties.
Organisations need to be mindful of regulations such as Service Organisation Control 2 (SOC2) or the National Institute of Standards and Technology (NIST) Cybersecurity Framework to avoid legal issues arising, internationally or locally. SOC2 compliance regulations specifically pertain to storage of other people’s personal information on the cloud. The NIST Framework deals with the management of cyber risks through five steps of Identifying, Protecting, Detecting, Responding and Recovering. Complying with such regulations will not only protect the citizens/users’ information but will also hold the company up to scrutiny. Governance is more than just a way to manage a system; there are several aspects interconnected with one another.
IT Governance is broadly divided into 4 disciplines:
● Governance, Risk and Compliance
● Information Security
● IT Operations
● IT Audit
A good marriage between technology and business is only possible with the help of sound IT Governance. Good IT Governance will help the organisation manage, monitor, and secure information and technology better while also achieving organisational goals. This will also help organisations contain risk at an acceptable level, improve performance and mitigate productivity loss due to business continuity threats.
What needs to be done? How can we strengthen our IT Governance? What will it take to gain a competitive edge?
OpenGov is pleased to invite you to our timely and exclusive Breakfast Insight to discuss and deliberate IT Governance issues with top-level Singapore and international organisations. This will help you to enhance your knowledge, learn from the experiences of your peers, gain insights into the latest tools and practices available today to develop cutting edge strategies, help drive IT governance and mitigate risks in your organisations. This Breakfast Insight endeavours to help your organisation adopt technology smarter, secure data tighter and be compliance-ready.