Governance, Risk Management and Compliance (GRC)
|
|
- Beatrix Owens
- 8 years ago
- Views:
Transcription
1 Dealing with GRC in an increasingly complex information -centric world October 2013 An organisation has multiple stakeholders that need to be communicated with or reported to on a regular basis. Employees, partners, customers and suppliers are part of this community, alongside shareholders, trade and government bodies. Ensuring that all the stakeholders information needs are met requires a holistic approach to managing information the creation of a GRC platform. Clive Longbottom Quocirca Ltd Tel : Clive.Longbottom@Quocirca.com Rob Bamforth Quocirca Ltd Tel: Rob.Bamforth@Quocirca.com Copyright Quocirca 2013
2 Governance, Risk Management and Dealing with GRC in an increasingly complex information-centric world GRC is not a single issue it is a complex mix of needs A GRC platform needs to be set against an organisation s risk profile Information silos are here to stay but create GRC problems Data is data it needs to be distilled into information and then knowledge GRC involves a range of issues covering internal and external information management and reporting. Good GRC enables an organisation to keep its internal stakeholders (employees, contractors, consultants) informed, while also enabling smooth information exchange along the value chain of suppliers and customers. It also enables an organisation to meet its multiple requirements against external compliance whether these are to meet the needs of a body such as the ISO or the legal needs of central government bodies. A total GRC platform may be beyond the financial reach of many organisations. Each organisation should ensure that it understands its own stance on how much risk it is willing to carry at a corporate and individual company officer level, and what this means as to how much it has to invest in any GRC platform. However, IT should ensure that the basic IT platform mitigates as much information risk as possible through providing an all-round view of available information sources. Applications, by their very nature, will create data in their own environment. Equally, end users will create documents and other files on file servers that are not easily mined in the same way as database sources. Implementing a system that monitors information streams and creates a complete index of information provides an overall view of the organisation s corporate information assets. Data on its own has little value, and imprecise or wrong data can dilute any possible value gained through analysis. Data sources need to be checked and cleaned to ensure that data that should refer to the same object is correctly linked. Master data management (MDM) is a way to achieve this, creating single views on referential data such as customer and supplier names, product items and so on. A suitable approach not only helps GRC, but also corporate decision making A GRC platform moves away from a perception of capability Creating a platform where information can be regarded as a single pool of resource enables better GRC, but it also provides better analysis of the information to aid in corporate decision making. A single platform covering all information management needs is possible and the value obtained from it will help define an organisation s success in the markets, as well as its capabilities to meet its GRC needs. Point solutions tend to lull an organisation into a belief that they have compliance with the needs of a single GRC issue, such as DPA. However, in many circumstances, these point solutions do not have any reference to other GRC needs and, as such, one solution could actually break the rules around another data management issue. A suitable GRC platform should be granular enough to ensure that any person only views what they are allowed to see, so maintaining compliance across all areas. Conclusions GRC is a complex and increasingly onerous issue that organisations are struggling to deal with. The only real way to manage the multiple different aspects of GRC is to create an overall information management platform that ensures searching, analysis and reporting is carried out across all information sources available to an organisation. Such a GRC platform can transform how an organisation operates; internally, externally and legally. A suitable platform also enables better, faster decision making, creating a more competitive organisation. Quocirca
3 GRC it s a mix of things Many seem to believe that governance, risk management and compliance (GRC) is actually one thing wrapped up three different ways. The focus seems to be on the legal aspects of managing a business, in making sure that the organisation is governed in a manner that minimises the risks of not being compliant, so avoiding fines and possible sanctions against the organisation s senior employees. However, this should not be the case. There are different aspects that should be borne in mind, as follows: Internal governance An organisation will have a set of ideals and rules that everyone involved with the business should follow. These may be set out as part of a corporate social responsibility (CSR) statement, as part of an overall mission statement, may be access to certain information such as regular performance updates and statements of trading conditions, or may be unwritten understandings between the organisation s stakeholders (employees, customers, suppliers and shareholders) as to what is expected from the business on being able to access information needed. The organisation must be in the position to quickly and cost-effectively provide the information needed to meet these needs it has to be able to provide a suitable level of governance against its own needs. External governance As well as maintaining the needs of its own stakeholders as to their information needs, an organisation may choose (or have demands placed upon it by its own customers) to partake in market-specific accreditations, such as ISO or BS standards. These are not necessarily legal requirements, but are helpful in meeting the needs and perceptions of others in order to help bring them on or maintain them as customers. For example, the ISO 9000 family of standards are the most widely accepted measure of whether an organisation has management processes in place that can help ensure consistency and quality of product or services. Many other organisations, particularly in the retail space, will want to be able to demonstrate that they adhere to requirements placed upon them by original equipment manufacturers and others so that they can use an accreditation flag or other demonstration of additional capability to differentiate themselves from their competition. Risk management Essentially, an organisation has to be able to understand its own corporate risk profile in order to be able to manage the risks appropriately. As in life generally, it is impossible to completely eliminate risk from everything, but making sure that the variables concerning risk are known and the costs to the business should the risk not be managed will help in ensuring that suitable management can be put in place. In many cases, the risks involved are down to how information is managed. This may be through data leakage; not being compliant to either internal, external or legal policies; or through poorly optimised usage of the information assets. Legal compliance There is an increasing legal load being placed on organisations. Statutory documents such as corporate accounts must be delivered to central bodies by specific times; in the UK, the new move to pay as you earn (PAYE) in real time (known as RTI) means that certain information has to be made available to HMRC as soon as an employee is paid any monies. In the finance sector, the Financial Services Authority has been replaced with the Financial Conduct Authority, which requires documents to be delivered centrally according to the Capital Requirements Directive (CRD) instituted under Solvency II and Basel III. Pharmaceutical companies are required by the FDA to be able to deliver reports on drug tests. Automobile companies increasingly need to be able to aggregate data and instigate vehicle recalls for remedial actions to be carried out. Food companies are in a similar position if a problem in food quality has been identified, then Quocirca
4 central bodies will require that an organisation can quickly and effectively provide reports on the whole chain of where the food was sourced and processed, how it was moved through the different stages of logistics, and how it was stored and managed in the shop itself. Every organisation falls under data protection laws. If there is a breach of data security, it may be a case of dealing with all the above aspects of internal and external governance, risk management and legal compliance in order to deal with the issue. Speed will be of the essence but it will be effective speed that is required to prove to all concerned that the problem has been contained and that lessons have been learned. Even better would be to prevent the issue from occurring in the first place. Every organisation will have some legal requirements for reporting; most will have multiple issues they are dealing with. Herein lies the problem an approach of dealing with data and information problems as a set of different issues is doomed to failure. GRC needs a joined-up approach; one that looks at all available information from many different sources, yet does it all transparently and rapidly to meet the organisation s needs. The problem is that standard data reporting, such as existing business intelligence (BI) systems, do not work well in these situations. BI tends to look only to relational data and this is only a small proportion of the information an organisation now has stored. Office documents, s, web searches and other information assets need to be included in the GRC actions and this needs a more complete and embracing platform to be in place. Silos don t work If you Google for data protection act software, you will get nearly 19 million items back. Likewise, capital requirements directive software results in over 2.5 million; retail product recall software gives nearly 9 million results. Each of these is trying to deal with a specific issue. This best of breed approach used to be the way that organisations looked at acquiring technology solutions: the idea was that by going for the best system in each area, then the company would be able to out-perform its competitors. However, this may not work in today s businesses. As an example, let s take a product recall. The original product manufacturer identifies an issue that requires a product recall maybe a power supply that runs a risk of overheating. The manufacturer could put out adverts in as many outlets as possible asking people to return the item for fixing or refund. This runs the risk of gaining a small return many of the items concerned could still be out there as the owners don t see the recall notice or assume that it doesn t apply to them. Far better for the manufacturer to go to its resellers and get them to use their customer data to identify every buyer and get in contact directly with them and provide them with data as to how to return the item, knowing that as many buyers as possible are then contacted directly. This may be a multi-tier environment, however the manufacturer may have gone through distributors who may have gone through second-tier distribution to multiple resellers. It would be quite easy for a problem to arise in such a complex process where information was made available outside limits previously agreed with the customer and now the data protection act becomes part of the equation. Unless the product recall system is completely aware of and compliant with the data protection act requirements, it is a useless system. If the channel partners are provided with information that the customer has not agreed to be made available to third parties, then laws may have been broken and the product recall moves from being a corporate brand issue to a legal issue. The perception of capability may have been provided through the chosen system the actual issue of product recalls has been dealt with but the overall problem, that of dealing with data as intellectual property and as personally identifiable data (PID) that has an inherent value to the original owner, has been missed. Quocirca
5 Another example: shareholders require regular reports on the financial shape of the organisation. If this is based purely on reporting hard figures against the accounting package used by the organisation, then a picture will be provided to the shareholder. However, if other information is available to the organisation that shows that the picture is not complete for example, that the company s largest customer has just gone into liquidation or that problems with a supplier means that production of stock is compromised the report to the shareholders may be misleading. The lack of full disclosure to shareholders is an increasing issue class actions have been brought against companies that have not disclosed all the information available to them. For example, timber company Gunns in Tasmania has had a class action against it and its CEO about his trading of shares in the business when he was in possession of information that he did not make available to other shareholders. Before the banking crisis hit, financial auditors in the UK and the US missed key information that should have raised greater questions and then more scrutiny of the banks, and have found their processes being questioned by central government bodies. Similarly, the financial rating agencies have been severely criticised for basing their ratings on a subsample of information, again leading to the banks being given clean bills of health where better scrutiny of the available information would have led to different and probably better conclusions. It is far better to move to an environment that has data and information management built-in; one where the various governance, risk and compliance demands placed on an organisation can be dealt with by building a set of rules over the platform, rather than building new platforms every time a new requirement is identified. Risk profiling It is a waste of time implementing a GRC platform until the organisation has defined its own risk profile. This may seem like a statement of common sense, but Quocirca finds that many organisations do not have such a profile in place. An organisation s risk profile needs to cover several areas, based on the GRC items outlined earlier. Many organisations find themselves in a highly competitive market and will be loath to carry much risk to their brand. Others will be in a highly regulated environment and will not want to carry much legal risk. However, there is always a balance to be reached maintaining complete data security is impossible, and whereas basic security can be implemented at relatively low cost, each extra level of security starts to lead towards exponential costs. The same needs to be applied to brand value and any predictable costs of brand damage. Therefore, an organisation needs to identify the point at which expenditure on the solution becomes more expensive than the expected cost of the problem itself. As an example, let s look at the issue of the Data Protection Act. In theory, any organisation could be fined 500,000 for a serious breach of the terms of the act, along with the threat of prison terms for those involved. There has been some major fines to date two men trading as Tetrus Telecoms were fined 440,000 for running one of the largest spam-mail systems known using data illegally obtained; the Brighton and Sussex University Hospitals NHS Trust was fined 350,000 after hard drives were found for sale on ebay with sensitive data still on them; and many more fines being in the tens of thousands of pounds level. Fines have been far higher than they were since 2010, when the Information Commissioner s Office (ICO) was given increased powers in how it could deal with data breaches. In this case, it is worth an average company investing in ensuring that it adheres to DPA regulations the fine has been pitched high enough to make it hurt should an organisation find itself on the wrong side of the law. However, compare this with an organisation such as a bank. It may be carrying highly sensitive details of millions of individuals, and if it somehow managed to let all of these details into the public arena by accident, it would face the same fine a maximum of 500,000. With banks profits running in the billions of pounds, this fine can be looked at essentially as a rounding error the fine will have no material impact on the business. However, the brand would take a massive hit, and it therefore looks like it would still be worthwhile a bank ensuring that its data is securely held. History has shown that retail bank customers are sticky, however the majority will still stay with a bank even where Quocirca
6 it has had considerable bad publicity. If the bank can predict closely enough how many customers it is likely to lose and what value they have to the bank, it can calculate how much it should invest in GRC without overspending on the solution. A similar approach can be seen in telecommunication and utility companies. Here, they are used to a high churn in customers particularly with telecommunications companies where consumers change provider on a far more regular basis as better device offers and service pricing is offered to them. Therefore, brand value is often based more a priceper-service model (an overall offer that is lower priced than the competition), rather than on a value-add one (what the provider does better than the competition). In this case, many areas of GRC are seen more along the lines of insurance policies, rather than strategic investments and corners will be cut where the organisation feels that it is happy to carry the risk. There is also the personal aspect of any breach of legal compliance. Whereas previously, the risk has been carried purely by the organisation concerned, there is now the capability for a court to find the officers (directors and other senior staff) personally responsible for certain breaches. Now, legal compliance around information can result in personal fines or even prison terms information management has to be taken more seriously. So, with risk profiling, it is down to an organisation to understand the balance between the hard costs of fines and personal responsibility in any legal sense with the softer risks of loss of customers and investors against the overall cost of any solution that mitigates the problem. Only the business can make this decision but the IT platform that it depends on should be capable of mitigating the issue as far as possible in the first place. Each organisation will have to have its own profile and will then have to choose an overall technical solution that meets the needs of the profile. Again, building a collection of disparate solutions will introduce technical risk leading to business risk in missing out on being able to monitor, measure and report on important areas. However, a costeffective platform can be put in place that works on identifying, indexing and searching against all available information sources within an organisation and its value chain. Building a GRC platform Governance, risk management and compliance revolve around having sufficient control of your information assets. The only way to control information assets is to be in a position to know what those assets are and where they are at any particular time. Using point solutions such as those aimed at providing DPA, ISO or PCI DSS compliance will show you what assets you have and where they are as needed by that system under consideration, but will tend to ignore anything that it perceives as being outside of its needs. Therefore, there will be no one system of record that can be used to take an overall view of an organisation s information assets. Therefore, managing the information to meet the organisation s GRC needs will be far more difficult than it should be, if not impossible. It is therefore necessary to put in place a capability to identify and index all information that is available and needed by an organisation to meet its overall GRC needs. Streams of data should be identified as to the type of data they are (text, formal data, image, video, voice, etc.) Where possible, implicit information should be teased out, such as through looking at inherent structures to what may appear to be unstructured information, or using the underlying extensible markup language (XML) formats of office documents. Meta data should be added wherever possible, either through automated tagging based on contextual knowledge of the information (e.g. that it is a picture that came in through a search for a specific item; that it is a voice file that was created through a conversation with a specific customer). Quocirca
7 Classification of data should also be included. The majority of information within an organisation will be of little corporate value, and can therefore be classified Public. Some will have a degree of commercial aspect to it, such as agreements between the organisation and a supplier, in which case it should be classified Commercial in confidence. Some may be of a higher security level, maybe requiring a Secure classification, whereas other data, such as details of mergers and acquisition activity, will only be available to named people and will need a classification of For your eyes only. Interdependencies between applications need to be defined, so that core referential data paths can be identified and tracked. For example, if a customer s name and address appears in more than one database, then these need to be identified and linked, preferably through the use of master data management (MDM) so that any action taken on a customer s record is reflected throughout the organisation s systems. MDM also enables easier cleansing of data, with errors across multiple different records, for example John Smith and Jon Smith being the same person, being more identifiable. Through indexing all of the information available, reporting then becomes far more easy and effective. Carrying out a search against a fully indexed data store that is also fully classified enables a full view of information that a specific person is allowed to see. For example, the search may result in 1,000 results, but 250 of these are outside of the security level of the person. Therefore, they will either see only the 750 results or a redacted set of 1,000 results. The problem with only presenting 750 results is that the other 250 may be critical to the decision about to be made. Providing an indication that there is other data available that may impact the decision at least allows the person to refer the decision up to someone who has the security clearance to see the other 250 results. A major benefit of creating a solid GRC platform is that it enables rules to be put in place for demonstrating compliance in different areas. For example, should there be a need for legal disclosure around demonstrating that the organisation is meeting its data protection requirements, a single rule can be set up that acts against the corporate data set, rather than against each application and information store separately. It also then means that a data protection officer only sees the data that they are allowed to see. The person responsible for reporting on ISO 9000 will only see what they need to see, maintaining internal data policies. The person responsible for producing financial reports will see what they are allowed to see; the HR person what they are allowed to see; the patent officer what they need to see each without the issues of providing them with more data than they should be able to access. Conclusions GRC is becoming more inclusive, as well as more onerous. The legal aspects of not managing information correctly are becoming harsher, with financial and personal penalties being significant. Point solutions aimed at managing single issues, such as DPA solution, an ISO 9000 or a financial information security solution such as PCI DSS, can end up as a set of ill-fitting mismatched jigsaw pieces that actually open the business up to more legal issues than they solve. However, the perception of compliance that point solutions provide can lull an organisation into a sense of false security: it may only be when a legal case is brought to bear that it is found that the system is not fit for purpose. Any GRC platform put in place has to meet the needs of the all the stakeholders involved: employees, suppliers, customers, shareholders, external trade standards and compliance bodies and central government bodies. An organisation has to regard its information as a single resource any other approach will just lead to information sources being left out from reporting and decision making processes. A comprehensive GRC platform will not only ensure that an organisation meets its various GRC needs; it will also create an environment where decision making is more rapid and more effective and so provide greater competitiveness in the market. Quocirca
8 About CommVault A singular vision a belief in a better way to address current and future data management needs guides CommVault in the development of Singular Information Management solutions for high-performance data protection, universal availability and simplified management of data on complex storage networks. CommVault's exclusive single-platform architecture gives companies unprecedented control over data growth, costs and risk. CommVault's Simpana software suite of products was designed to work together seamlessly from the ground up, sharing a single code and common function set, to deliver superlative Data Protection, Archive, Replication, Search and Resource Management capabilities. More companies every day join those who have discovered the unparalleled efficiency, performance, reliability, and control only CommVault can offer. Information about CommVault is available at CommVault's corporate headquarters is located in Oceanport, New Jersey in the United States.
9 REPORT NOTE: This report has been written independently by Quocirca Ltd to provide an overview of the issues facing organisations seeking to maximise the effectiveness of today s dynamic workforce. The report draws on Quocirca s extensive knowledge of the technology and business arenas, and provides advice on the approach that organisations should take to create a more effective and efficient environment for future growth. About Quocirca Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets. Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption the personal and political aspects of an organisation s environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to provide advice on the realities of technology adoption, not the promises. Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocirca s mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time. Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community. Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocirca s clients include Oracle, IBM, CA, O2, T-Mobile, HP, Xerox, Ricoh and Symantec, along with other large and medium sized vendors, service providers and more specialist firms. Details of Quocirca s work and the services it offers can be found at Disclaimer: This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca may have used a number of sources for the information and views provided. Although Quocirca has attempted wherever possible to validate the information received from each vendor, Quocirca cannot be held responsible for any errors in information received in this manner. Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented here, including any and all consequential losses incurred by any organisation or individual taking any action based on such data and advice. All brand and product names are recognised and acknowledged as trademarks or service marks of their respective holders.
Room for improvement. Building confidence in data security. March 2015
Building confidence in data security March 2015 Businesses have no choice but to engage online with users from external organisations and mobile workers; that is the way the world now operates. Transacting
More informationThe adoption of cloud-based services
Increasing confidence through effective security July 2013 There is much research to show that the adoption of cloud-based services is now widespread. It is also widely reported that the foremost concern
More informationBeyond Big Data The New Information Economy
Beyond Big Data The New Information Economy Many IT vendors and end-user organisations have been banging the drum about big data, as if this is the ultimate answer to everything. However, information is
More informationFrom NO to KNOW. The secure use of cloud-based services. July 2015
The secure use of cloud-based services July 2015 Attitudes to cloud-based services vary, but over time there has been increasing uptake as the benefits are recognised by more and more businesses. Those
More informationAnalytics exploration today and tomorrow
The evolution of analytics to meet with an organisation s needs February 2014 Existing analytics approaches meet point needs for specific roles within an organisation. However, how analysis is carried
More informationManaging carbon reduction across your data centre assets
Managing carbon reduction across your data centre assets Taking steps towards meeting the legal challenge of carbon reduction within data centres in a sensible, cost effective and sustainable manner. November
More informationWhen Data Center Layers Converge
Pulling together the physical, logical and virtual aspects of today s IT platforms. January 2014 The software defined data center (SDDC) is poised to redefine modern data centers, from large to small.
More informationMobile Expense Management
Taking the big picture view to ensure mobile budgets are spent wisely March 2013 Managing mobile costs is a challenge for all organisations, especially as responsibilities and budget authority often sit
More informationOptimising the data warehouse
Dealing with large volumes of mixed data to give better business insights October 2013 Data warehouses are struggling to keep pace with the growth of data volumes and the different types of information
More informationThe mid-market conundrum
How to achieve best-in-class IT application delivery with limited resources June 2013 Mid-market organisations live or die by the quality of the applications that drive their business operations; from
More informationManaged print services: An SMB priority
Managed print services: An SMB priority Escalating print costs and demand on IT resources drive the need for managed print services September 2011 Small and Medium Businesses (SMBs), like larger enterprises,
More informationManaged Print Services in the Cloud
Managed Print Services in the Cloud Driving cost reduction and efficiency with managed print services hosted in the cloud June 2014 The office workplace has undergone a dramatic change in recent years.
More informationGetting expense management right
Managing expenses is complicated and requires deep knowledge and expertise. For an organisation to attempt to cover all the bases internally, it may be more expensive than it thinks. January 2014 More
More informationB2B Integration and Inter-Industry collaboration
Integrating and monitoring business-to-business (B2B) value chains through the use of external services. September 2012 Increasing globalisation and diversity of both the suppliers and customers a given
More informationIT Management for Small Businesses Using third parties to help take the strain
QUOCIRCA INSIGHT REPORT July 2007 Contacts: Louella Fernandes Quocirca Ltd Tel +44 1753 754838 louella.fernandes@quocirca.com Bob Tarzey Quocirca Ltd Tel +44 1753 855794 bob.tarzey@quocirca.com RESEARCH
More informationTaking the Fast Track to Enterprise Search and ediscovery
A CommVault Business-Value White Paper Taking the Fast Track to Enterprise Search and ediscovery A white paper that challenges the traditionally held view that organizations must archive information to
More informationKeeping mobile data flowing
Keeping mobile data flowing Mobile data application delivery control February 2010 Due to competitive pressure and demand from subscribers, mobile network operators have had to handle an ever-increasing
More informationSustainability through Managed Print Services
Sustainability through Managed Print Services How MPS helps businesses gain business and environmental efficiency March 2012 Many organisations are turning to managed print services (MPS) to optimise the
More informationHow To Manage Log Management
: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll
More informationSymantec Enterprise Vault
Store, Manage, and Discover Critical Business Information The pressure on organizations to protect and manage data has intensified with the recent growth in unstructured data and the reliance on email
More informationGetting a head start in Software Asset Management
Getting a head start in Software Asset Management Managing software for improved cost control, better security and reduced risk A guide from Centennial Software September 2007 Abstract Software Asset Management
More informationTapping the benefits of business analytics and optimization
IBM Sales and Distribution Chemicals and Petroleum White Paper Tapping the benefits of business analytics and optimization A rich source of intelligence for the chemicals and petroleum industries 2 Tapping
More informationChannel Managed Print Services
Channel Managed Print Services A review of European MPS programmes November 2012 Louella Fernandes Quocirca Ltd Tel : +44 07786 331924 Email: Louella.Fernandes@Quocirca.com Clive Longbottom Quocirca Ltd
More information3 Questions Every CIO Should Ask About Virtual Server Data Protection
3 Questions Every CIO Should Ask About Virtual Server Data Protection February, 2013 Contents Why CIOs Care... 3 What Every CIO Should Know... 4 3 Questions to Ask... 5 CommVault Simpana Software... 6
More informationIdentifying Broken Business Processes
Identifying Broken Business Processes A data-centric approach to defining, identifying, and enforcing protection of sensitive documents at rest, in motion, and in use 6/07 I www.vericept.com Abstract The
More informationUnderstanding the impact of the connected revolution. Vodafone Power to you
Understanding the impact of the connected revolution Vodafone Power to you 02 Introduction With competitive pressures intensifying and the pace of innovation accelerating, recognising key trends, understanding
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationWHITEPAPER. Why Dependency Mapping is Critical for the Modern Data Center
WHITEPAPER Why Dependency Mapping is Critical for the Modern Data Center OVERVIEW The last decade has seen a profound shift in the way IT is delivered and consumed by organizations, triggered by new technologies
More informationAccenture CAS: Solution Implementation Making change happen
Accenture CAS: Solution Implementation Making change happen Rooted in a strong culture of client service and success, our smart, committed and experienced professionals collaborate as global teams to create
More informationEnhancing Application Protection and Recovery with a Modern Approach to Snapshot Management
Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management A CommVault Business Value and Technology White Paper which covers leveraging a modern approach to managing snapshots
More informationHow To Manage A Privileged Account Management
Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least
More informationMAKING CONTENT THE CENTER OF A DIGITAL STRATEGY
BY EXECUTIVES, FOR EXECUTIVES A VIEW FROM THE TOP MAKING CONTENT THE CENTER OF A DIGITAL STRATEGY FEATURING DAWN COLOSSI, SENIOR DIRECTOR WW DIGITAL MARKETING INSIGHT INTO B2B MARKETING TRENDS, KEY INSIGHTS
More informationThe CIO Guide to Virtual Server Data Protection
The CIO Guide to Virtual Server Data Protection Server virtualization is changing the face of the modern data center. CIOs are looking for ways to virtualize more applications, faster across the IT spectrum.
More informationA Ready Business has total visibility and control. Seamlessly manage your global telecommuncations in a secure environment
A Ready Business has total visibility and control Seamlessly manage your global telecommuncations in a secure environment 2 We live in a world of rapid and unpredictable change 22% Only 22% of businesses
More informationSimply better banking
Simply better banking How does a bank make the right impression on customers? Did you know that Xerox: Processed 1 billion card transactions in 2012 Hosts 1 billion mortgage loan images Processes 800 million
More informationTechnology Focus: CURO from Time4Advice
Insight Innovation Inspiration Technology Focus: CURO from Time4Advice Adviser Business Review editor Rob Kingsbury interviews Roland Rawicz-Szczerbo, sales director of Time4Advice, about CURO the firm
More informationBriefing Paper. How to Compete on Customer Experience: Six Strategic Steps. www.syn gro.c om SynGro SynGro 2013 2013 Tel: +44 (0 ) 15 06 5 92 2 24
Briefing Paper How to Compete on Customer Experience: Six Strategic Steps How to Compete on Customer Experience: Six Strategic Steps Voice of the Customer as a term has come to reflect the growing understanding
More informationRealizing the Business Value of Master Data Management (MDM)
perspective Realizing the Business Value of Master Data Management (MDM) - Shashank Gadgil, Vineet Kulkarni Abstract Research shows that 40% of the anticipated value of all business initiatives is never
More informationThe Five Fundamentals of Virtual Server Data Protection. February, 2013
The Five Fundamentals of Virtual Server Data Protection February, 2013 Contents The Drive to Virtualize... 3 The Five Fundamentals... 3 Virtual Server Data Protection Solved... 4 Data Protection and the
More informationHow To Manage Risk With Sas
SOLUTION OVERVIEW SAS Solutions for Enterprise Risk Management A holistic view of risk of risk and exposures for better risk management Overview The principal goal of any financial institution is to generate
More informationIBM Information Management
IBM Information Management January 2008 IBM Information Management software Enterprise Information Management, Enterprise Content Management, Master Data Management How Do They Fit Together An IBM Whitepaper
More informationAvoiding the shoebox: managing expenses in small and mid-sized businesses
Avoiding the shoebox: managing expenses in small and mid-sized businesses How automation can help small and mid-sized businesses manage expenses July 2010 Managing employee expenses can be one of the most
More informationeeye Digital Security and ECSC Ltd Whitepaper
Attaining BS7799 Compliance with Retina Vulnerability Assessment Technology Information Security Risk Assessments For more information about eeye s Enterprise Vulnerability Assessment and Remediation Management
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationSpring 2010. Understanding International B2B Research for Printing and Imaging Markets. 4 Key Components. Introduction
Topic: International B2B Research Understanding International B2B Research for Printing and Imaging Markets 4 Key Components Introduction iprint is produced by Business Advantage, a B2B research, business
More informationOCSL delivers application migration project on time and under budget at major HP client
OCSL case study: HP Enterprise Services Infrastructure Technology Outsourcing OCSL delivers application migration project on time and under budget at major HP client OCSL came to the table via HP Technology
More informationDigital Asset Management. Delivering greater value from your assets by using better asset information to improve investment decisions
Digital Asset the way we see it Digital Asset Delivering greater value from your assets by using better asset information to improve investment decisions In its recent survey on the UK economy, the OECD
More informationHow To Manage Social Media Risk
www.pwc.co.uk/riskassurance Social media governance Harnessing your social media opportunity June 2014 Social media allows organisations to engage with people directly, express their corporate personality
More informationManagement with Simpana
Efficient, Affordable Data Management with Simpana Software and Microsoft Windows Azure Protect, Manage and Access Your Data Securely and Efficiently: On Premises, In the Cloud, From Anywhere, At Any Time,
More informationBig Data Integration: A Buyer's Guide
SEPTEMBER 2013 Buyer s Guide to Big Data Integration Sponsored by Contents Introduction 1 Challenges of Big Data Integration: New and Old 1 What You Need for Big Data Integration 3 Preferred Technology
More informationWHITE PAPER. PCI Compliance: Are UK Businesses Ready?
WHITE PAPER PCI Compliance: Are UK Businesses Ready? Executive Summary The Payment Card Industry Data Security Standard (PCI DSS), one of the most prescriptive data protection standards ever developed,
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationInformation Management Advice 39 Developing an Information Asset Register
Information Management Advice 39 Developing an Information Asset Register Introduction The amount of information agencies create is continually increasing, and whether your agency is large or small, if
More informationVMware Cloud Adoption Study
VMware Cloud Adoption Study Executive Summary May 2012 Contents About the research 3 Objectives 4 Overview 4 Key Findings 5 European enterprises to spend a third of IT budgets this year on cloud computing,
More informationRESEARCH PAPER. Big data are we nearly there yet?
RESEARCH PAPER Big data are we nearly there yet? A look at the degree to which big data solutions have become a reality and the barriers to wider adoption May 2013 Sponsored by CONTENTS Executive summary
More informationTop 10 Trends In Business Intelligence for 2007
W H I T E P A P E R Top 10 Trends In Business Intelligence for 2007 HP s New Information Management Practice Table of contents Trend #1: BI Governance: Ensuring the Effectiveness of Programs and Investments
More informationSAP HANA FAQ. A dozen answers to the top questions IT pros typically have about SAP HANA
? SAP HANA FAQ A dozen answers to the top questions IT pros typically have about SAP HANA??? Overview If there s one thing that CEOs, CFOs, CMOs and CIOs agree on, it s the importance of collecting data.
More information2H 2015 SHADOW DATA REPORT
2H 20 SHADOW DATA REPORT Shadow Data Defined: All potentially risky data exposures lurking in cloud apps, due to lack of knowledge of the type of data being uploaded and how it is being shared. Shadow
More informationDigital identities and the open business
Identity and access management as a driver for business growth February 2013 Identity and access management (IAM) systems are today used by the majority of European enterprises. Many of these are still
More informationDriving Operations through Better, Faster Decision Making
Driving Operations through Better, Faster Decision Making Driving Operations through Better, Faster Decision Making Operations faces increasing pressure from all sides. Picky customers know that your competitors
More informationData ownership within governance: getting it right
Data ownership within governance: getting it right Control your data An Experian white paper Data Ownership within Governance : Getting it right - 1 Table of contents 1. Introduction 03 2. Why is data
More informationTOP QUESTIONS ABOUT MICROSOFT AUDITS
20 TOP QUESTIONS ABOUT MICROSOFT AUDITS 1745 Broadway, 17th Floor, New York, NY 10019, USA Tel. 646 475 2103 The word audit scares many people, but if your company licenses software, you will be audited
More informationIBM Solution for Pharmaceutical Track & Trace
Secure and responsive supply chains IBM Solution for Pharmaceutical Track & Trace The underlying problem: Complexity in the pharmaceutical supply chain At its core, the pharmaceutical industry is about
More informationData Deduplication: An Essential Component of your Data Protection Strategy
WHITE PAPER: THE EVOLUTION OF DATA DEDUPLICATION Data Deduplication: An Essential Component of your Data Protection Strategy JULY 2010 Andy Brewerton CA TECHNOLOGIES RECOVERY MANAGEMENT AND DATA MODELLING
More informationMANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS
MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS 3 THE USE OF BUSINESS SOFTWARE AND SPORTS ARE DEFINITELY QUITE SIMILAR; IF YOU WANT TO PLAY (USE THE SOFTWARE), YOU HAVE TO ACCEPT THE RULES. THIS INCLUDES
More informationA Best Practice Guide
A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals
More informationRicoh IT Services. Comprehensive solutions. IT infrastructure. IT Services
Ricoh IT Services Comprehensive solutions and support for highperforming, cost-efficient IT infrastructure IT Services Ricoh provides IT services that meet the needs of small, medium and enterprisesized
More informationBecause life happens in real-time
Because life happens in real-time Why dashboards are changing the shape of Business Intelligence Even if just one of the three statements below applies to your business, you ll be looking for a Business
More informationNavigating the NIST Cybersecurity Framework
Navigating the NIST Cybersecurity Framework Explore the NIST Cybersecurity Framework and tools and processes needed for successful implementation. Abstract For federal agencies, addressing cybersecurity
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationEmploying Best Practices for Mainframe Tape Encryption
WHITE PAPER: DATA ENCRYPTION BEST PRACTICES FOR MAINFRAME TAPE Employing Best Practices for Mainframe Tape Encryption JUNE 2008 Stefan Kochishan CA MAINFRAME PRODUCT MARKETING John Hill CA MAINFRAME PRODUCT
More informationG-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service
G-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service 1 Table of contents 1. Scope of our services... 3 2. Approach... 4 a. HealthCheck Application Scan... 4
More informationThe Importance of Data Quality for Intelligent Data Analytics:
The Importance of Data Quality for Intelligent Data Analytics: Optimizing the Financial and Operational Performance of IT White Paper IT decisions are only as good as the data they re based on. And that
More informationA TECHNICAL WHITE PAPER ATTUNITY VISIBILITY
A TECHNICAL WHITE PAPER ATTUNITY VISIBILITY Analytics for Enterprise Data Warehouse Management and Optimization Executive Summary Successful enterprise data management is an important initiative for growing
More informationExperian Cross Channel Marketing Platform. Managing campaigns and reaching consumers in real time
Experian Cross Channel Marketing Platform Managing campaigns and reaching consumers in real time The relationship between brands and customers has fundamentally changed. Whereas once there was equilibrium
More informationSecure Data Transmission Solutions for the Management and Control of Big Data
Secure Data Transmission Solutions for the Management and Control of Big Data Get the security and governance capabilities you need to solve Big Data challenges with Axway and CA Technologies. EXECUTIVE
More informationHow To Improve The Performance Of A Datacentre
Following on from the first cycle of research carried out in February 2011, this re-run of the next generation datacentre research covered 10 regions to identify what progress organisations have made in
More informationConvercent Predictive Analytics
September 2015 Convercent Predictive Analytics Innovation in User Experience for Issue Reporting & Management SOLUTIONPERSPECTIVE Governance, Risk Management & Compliance Insight 2015 GRC 20/20 Research,
More informationWhitepaper: 7 Steps to Developing a Cloud Security Plan
Whitepaper: 7 Steps to Developing a Cloud Security Plan Executive Summary: 7 Steps to Developing a Cloud Security Plan Designing and implementing an enterprise security plan can be a daunting task for
More informationSelling Telematics Motor Insurance Policies. A Good Practice Guide
Selling Telematics Motor Insurance Policies A Good Practice Guide April 2013 1 INTRODUCTION 1.1 The purpose of the guidance This guidance sets out high-level actions that insurers should seek to achieve
More informationBeyond the Single View with IBM InfoSphere
Ian Bowring MDM & Information Integration Sales Leader, NE Europe Beyond the Single View with IBM InfoSphere We are at a pivotal point with our information intensive projects 10-40% of each initiative
More informationThe Liaison ALLOY Platform
PRODUCT OVERVIEW The Liaison ALLOY Platform WELCOME TO YOUR DATA-INSPIRED FUTURE Data is a core enterprise asset. Extracting insights from data is a fundamental business need. As the volume, velocity,
More informationWe ll be right back: Data back up and Disaster Recovery for smaller and expanding businesses
We ll be right back: Data back up and Disaster Recovery for smaller and expanding businesses A Paralogic Networks Guide www.scholarisintl.com Introduction We all accept the necessity of making copies of
More informationA Practical Approach to Information Management
A Practical Approach to Information Management Solution Brief: Information Management Contents Information management isn t just a priority, it s mandatory.................................................
More informationThe Software Experts. Training Courses and Events
The Software Experts Training Courses and Events one HELPING UK ORGANISATIONS Ensure IT Compliance Education, Training & Development Many companies in the UK are finding that without accurate information
More informationInside Track Research Note. In association with. Enterprise Storage Architectures. Is it only about scale up or scale out?
Research Note In association with Enterprise Storage Architectures Is it only about scale up or scale out? August 2015 About this The insights presented in this document are derived from independent research
More informationSoftware License Asset Management (SLAM) Part III
LANDesk White Paper Software License Asset Management (SLAM) Part III Structuring SLAM to Solve Business Challenges Contents The Third Step in SLAM: Optimizing Your Operations.... 3 Benefiting from Step
More informationSupporting performance at Dixons Retail integrating formal and informal learning
Supporting performance at Dixons Retail integrating formal and informal learning Dixons Retail is continually looking for ways to implement innovative learning processes that improve business performance
More informationThe reality of cloud. Go beyond the hype and make a better choice. t 0845 5055 365 e sales@365itms.co.uk. www.365itms.co.uk
The reality of cloud Go beyond the hype and make a better choice www. The meaning of cloud 1. Cloud means different things to different people, something that s reflected in the many definitions of what
More informationTelecom Expense Management
Telecom Expense Professional Cost Group Ltd. Control your costs Manage your assets Transform your business Visit us online: www.pcmg.co.uk/tem Your Challenges. For most companies, fixed and mobile communications
More informationAsentinel Telecom Expense Management (TEM)
PRODUCT BRIEF: ASENTINEL TELECOM EXPENSE MANAGEMENT (TEM) Asentinel Telecom Expense Management (TEM) Asentinel 6.0 is a comprehensive global telecom expense management software solution encompassing the
More informationIBM Software A Journey to Adaptive MDM
IBM Software A Journey to Adaptive MDM What is Master Data? Why is it Important? A Journey to Adaptive MDM Contents 2 MDM Business Drivers and Business Value 4 MDM is a Journey 7 IBM MDM Portfolio An Adaptive
More informationThree proven methods to achieve a higher ROI from data mining
IBM SPSS Modeler Three proven methods to achieve a higher ROI from data mining Take your business results to the next level Highlights: Incorporate additional types of data in your predictive models By
More informationTECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.
TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA Colruyt ensures data privacy with Identity & Access Management. Table of Contents Executive Summary SECTION 1: CHALLENGE 2
More informationOur specialist insurance services for Professionals risks
Our specialist insurance services for Professionals risks Price Forbes & Partners is an independent Lloyd s broker based in the heart of London s insurance sector. We trade with all of the major international
More informationTop 10 Ways To Improve Contact Centre Performance And Enable Proactive Customer Care
Top 10 Ways To Improve Contact Centre Performance And Enable Proactive Customer Care Contact Centres can become victims of their own success. Good customer service and the ability to quickly and effectively
More informationReducing Cost and Risk Through Software Asset Management
RESEARCH SUMMARY NOVEMBER 2013 Reducing Cost and Risk Through Software Asset Management A survey conducted by CA Technologies among delegate attendees at the 2013 Gartner IT Financial, Procurement & Asset
More informationBUYER S GUIDE. flexible service delivery. Top 5 reasons for adopting SAP Managed Services. Remixing SLA s! Managing the post merger IT landscape
BUYER S GUIDE IT Managed Services Buyer s Guide for SAP customers May 2012 flexible service delivery Moving to the beat of IT innovation with SAP Managed Services to control costs and harmonise IT landscapes.
More informationA Case Study in Global Supply Chain Risk Management: How AGCO Implemented an SCRM Solution to Save Millions
Spend Matters. All rights reserved. 1 RESEARCH A Case Study in Global Supply Chain Risk Management: How AGCO Implemented an SCRM Solution to Save Millions By: Thomas Kase, VP of Research, Spend Matters
More informationExploiting Technology for Better Member Relationships
enabling the next generation Exploiting Technology for Better Member Relationships www.uk.logical.com Summary Membership organisations cannot afford to ignore the opportunities for technology to enhance
More information