(NW & IT) Security: A Global Provider's Perspective
1 ECTA Regulatory Conference 2006
Workshop: Data Protection, Retention and Security Issues in the Electronic Communications
(NW & IT) Security: A Global Provider's Perspective
15 November 2006, Brussels
Marcel Grijsen, Director Regulatory Affairs, EMEA

2 Introduction - 1
> Orange Business Services: a Global Provider of (Integrated & Converged) Services & Solutions for Multi National Corporations and International Organizations (MNCs).
> Since 1 June 2006 the France Telecom Group re-branded to Orange Business Services for the large corporate customer segment.
> Therefore, at commercial level our services are now sold under the Orange Business Services brand name.
> But our local licensed operating entities remain Equant companies.
> I may use the two interchangeably so please don't be confused! I mean one and the same business.

3 Introduction - 2
> Disclaimer: In my day-to-day Telecommunications Regulatory practice I generally do not work much in the specific area that is covered by today's workshop.
> Therefore I am not a specialist by any stretch of the imagination in this domain.
> It may be basic, but I hope that my contribution sharing with you some of our experiences and insights from a specific provider's perspective may be valuable regardless.

4 Security is Key: Provider Perspective
> Security is an important part of our business, see e.g. Security section on our website.
> We take Security very seriously and it is a key and central part of our business.
> Equant has been audited under Sarbanes Oxley rules and holds SAS70 certification. Equant complies with ISO17799 and intends to work towards ISO certification. Equant uses COBIT, ITIL, ISO17799 (BS7799) as security standards in its operations.
> Towards Ourselves as a Global Network and Services Provider to MNCs Security is key: Apart from complying with regulatory requirements related to Security, it is only Logical to protect and secure your business core assets, such as our Global Network; we would even do it if there were no obligations embedded in regulations to ensure security!!
> We regard ourselves as a reliable, trusted and secure Provider to MNCs across the Globe, and hope our Customers share this vision.

5 Equant Security Goals
> Ensure business continuity of our customers at all times.
> Ensure secured customer traffic over the Equant network backbone.
> Prevent and minimize the impact of security incidents on customers through the implementation of appropriate security practices/policies throughout the Equant organization.
> Ensure the protection of the Equant network backbone & systems and the network information.

6 Equant Security Organization
> Global Security Organization: Headed by the Equant Chief Security Officer (CSO), responsible for Security governance on the corporate level.
> Security Council: Created to establish a corporate vision about security throughout Equant. Its members are first level management representatives.
> Security Management Organization: Responsible for day to day security management and security Engineering.
> Security Operations Center (SOC): Monitor the Equant Network & Systems Security & network security incident investigation & mitigation on a 24x7 basis.
> Network Infrastructure Security engineering: Responsible for the network infrastructure security engineering projects.
> Business Information Security Managers (BISMs): The BISMs are security representatives in all Equant organizations; they are the points of contact with Equant Corporate security and are responsible for integrating security in all business aspects within Equant.

7 Equant Security Policies
> Equant has a core security policy which is divided into a number of policies and sub-policies defined on all levels to ensure business continuity and to minimize business damage.
> Equant handles Security in a Global manner. Our security programs cover different areas utilizing best business security practices to Equant business and Equant customers and partners business.
> Therefore it makes sense for us to develop Global Security Policies to support our Global business. Our business model is not well served by differing, prescriptive, national, Member State level, approaches and local regulations.

8 Equant Backbone Security
> Equant has implemented various methods and policies on the Inside, Between and Access to the Equant networks to secure the infrastructure and protect from the main IP network vulnerabilities (DDoS, configuration weaknesses, etc.):
  - Inside of the backbone networks. For Backbone Networks Security Hardening and Control.
  - Between the Backbone Networks. For Isolation and Control.
  - Access to the Backbone Networks. For secure backbone elements Access Control.

9 Equant Security Audit & Assessment
> Equant recognizes the need to do regular security audits (External, by internationally recognized auditors and Internal, by Equant security experts) on the backbone network and systems to ensure compliance with the security policies defined.
> External audits done by internationally recognized audit firms.
> Audit findings and recommendations are used to drive security projects to enhance the security of the network.

10 Security is Key: Customer Perspective
> Towards our Customers: Security is key to our Customers and their businesses, e.g. banks.
> Our specific focus on serving MNCs across the Globe means that these big global companies are dependent for the security of their business communications, corporate networks (such as IP VPNs) and/or business (critical) applications on Orange Business Services.
> Therefore our focus is to not breach this Trust.
> In addition: our customers are highly demanding and given their business interests and requirements they will bring Security as a main topic to the negotiation table. This also has an impact as to how we regard the EC proposals as part of the NRF Review. Triggered by our customer experience.

11 Security is Key
> In Our Experience, the rules have changed:
> Old Rule: only invest in Security if the cost to secure is less than the cost of exposure.
> New Rule: If your customers or partners can't trust your business, you will be out of business!!

12 NRF Review
> Currently Security is mainly covered in the New Regulatory Framework (NRF) by e.g. Article 23 of the Universal Service Directive and Article 4 of the e-privacy Directive.
> Article 4 (1): The provider of a publicly available electronic communications service must take appropriate technical and organisational measures to safeguard security of its services, if necessary in conjunction with the provider of the public communications network with respect to network security. Having regard to the state of the art and the cost of their implementation, these measures shall ensure a level of security appropriate to the risk presented.
> EC Review Proposals range from introducing detailed new provisions on security and integrity at EU level via a mid-way proposal (general security and integrity requirements together with enabling measures) to No changes to the regulatory framework.

13 NRF Review
> Get more prescriptive and detailed? Not the right direction in our opinion, move to patch-work Europe?, as we start to gain experiences in this area!
> One reason that EC mentions to drive the proposals is a perceived decline in confidence. We do not experience such decline in confidence. In our world Security is a key topic in provider selection process and rest assured that all Security requirements, processes, reporting etc. are well covered in agreements between MNCs and their Global Providers, such as ourselves.
> Also proposed liability for security problems and notification requirement not applauded by us and far away from our situation where these issues are handled in a satisfactory manner directly between MNC Customer and Provider.

14 The Way Forward - 1
> In our view no need for a major review re Security, at least not one that would be culminating into new, detailed, descriptive levels of regulations.
> Describe the principles, high-level, EU standard Guidance, but leave the practical implementations to the operators, especially if you seek to serve Globally it makes a lot of sense to aim for Global policies and solutions. In that way operators can comply in different ways, suiting their respective business models, whereas they remain to be compliant with applicable law!
> It would be very helpful if EC undertakes an EU wide study on what the current MS regimes re Security come down to, map these, how these differ, and see whether this has internal market impact, and act upon that.
> If anything should be done, the focus should be on harmonizing as much as possible at EU level, while leaving NRAs powers to implement at MS level.

15 The Way Forward - 2
> Possibly exempt the Providers with (Large) Business focus from any new rules, if these would have to be adopted, since our reading of the EC proposals is that these are very much done with a Residential / Consumer interest perspective in the background.
> However please note that already today (some) local NRAs already seem to have far-stretching powers and MS deal with Security at National level in a non-transparent way for us. Serious risk, especially for pan-European and Global operators, of being caught in national micro regulatory practices re to Security.
> Since Security is key and will remain to be, and looking after Security does not stop at borders, from a pan-European and Global level we'd prefer to have high levels of harmonization at EU level: to know what operators have to comply with in a one-stop-shop approach! Cover 25 (soon 27) countries in one go! That is, if something really has to be done to change the current NRF.
> - THANKS FOR YOUR ATTENTION -
More informationGETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS
Embedded Systems White Paper GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS September 2009 ABSTRACT Android is an open source platform built by Google that includes an operating system,
More informationInformation Security Management System Policy
Information Security Management System Policy Public Version 3.3 Issued Document Name Owner P079A ISMS Security Policy Information Security Security Policies, Standards and Procedures emanate from the
More informationInformation Security Management System Information Security Policy
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
More informationInformation security due diligence
web applications and websites W A T S O N H A L L Watson Hall Ltd London 020 7183 3710 Edinburgh 0131 510 2001 info@watsonhall.com www.watsonhall.com Identifying information security risk for web applications
More informationDIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations
DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations Brussels, October 2015 INTRODUCTION On behalf of the European
More informationGovernance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009
Governance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009 JASON C. RICHARDS CHIEF INFORMATION SECURITY OFFICER VIRGINIA COMMUNITY COLLEGE SYSTEM
More informationNOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12
POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationEntrepreneurs Programme - Business Growth Grants
Entrepreneurs Programme - Business Growth Grants Version: 15 July 2015 Contents 1 Purpose of this guide... 4 2 Programme overview... 4 2.1 Business Management overview... 4 3 Business Growth Grant... 5
More informationCorporate Information Security Policy
Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives
More informationProtecting Malaysia in the Connected world
Protecting Malaysia in the Connected world cyber Security Company of the Year (Cybersecurity Malaysia, 2014) Most innovative information security company in Malaysia (Cybersecurity Malaysia, 2012) BAE
More informationE-Learning Courses. Course Category
Course Category Health and Safety E-Learning Courses Course Title Creating a Safe and Healthy Office Fire Safety at Work Health and Safety at Work Health and Safety for Managers Course Description The
More informationISO/IEC 27001:2013 Your implementation guide
ISO/IEC 27001:2013 Your implementation guide What is ISO/IEC 27001? Successful businesses understand the value of timely, accurate information, good communications and confidentiality. Information security
More informationBuckinghamshire County Council Transport for Buckinghamshire ANPR Code of Practice
Buckinghamshire County Council Transport for Buckinghamshire ANPR Code of Practice 1 Introduction 1.1 Buckinghamshire County Council (BCC) Transportation Service has Automatic Number Plate Recognition
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More informationImplementing and monitoring effective compliance policies & procedures. charlesrussellspeechlys.com
Implementing and monitoring effective compliance policies & procedures charlesrussellspeechlys.com Robert Bond Partner Robert Bond has over 36 years' experience in advising national and international clients
More information