The three main steps to guarantee adequate information governance are gaining visibility, taking action, and assuming control over the information, according to AVeS Cyber Security Managing Director Cecil Munsamy. "If a company implements these steps successfully, it will remove organisational barriers to information decision-making."
Entitled 'Bridging the Compliance Gap Between IT and Business', the roadshow will be held in Cape Town at The Wild Fig Restaurant, in Mowbray, on 31 October; in Durban at The Market Restaurant, in Greyville, on 1 November; and in Johannesburg at the Bryanston Country Club on 2 November. All three events take place from 9am to 12:30pm.
The roadshow is being organised in conjunction with Veritas. "Veritas simplifies this process by illuminating information hazards and providing tools for automated remediation," EMEA Information Intelligence Product Lead Jaap Den Exter Van Den Brink explains.
By delivering a detailed blueprint of a company's information ecosystem, Veritas allows it to fight back against the exponential data curve in order to manage its risk. This also allows companies to address information compliance challenges related to regulations such as the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR).
The roadshow will provide an overview of the legal requirements for companies in terms of both POPIA and GDPR, an overview of IT governance and management, how to align with GDPR, and a client workshop on assessment and remediation measures.
The relevant standards related to information governance are ISO 9001 (Quality) and ISO 27000 (Information Security Management). "These are important guidelines as they inform us what remedial action is necessary to achieve full compliance," Munsamy points out. "ISO accreditation is a brilliant starting point, as it automatically ensures your business is aligned to an international standard."
"I do not think we can move away from the fact that every single company needs information governance, whether it be engineering, industrial, or corporate. Of course, it does depend on which standards you need to align with. The main outcome is you automatically reduce the risk of having to deal with any incidents if you have no governance measures in place at all," Munsamy adds. This is also vital in complying with OHSAS 18001 health and safety requirements, for example.
As for his message to companies who either argue that information governance is too costly or non-core to implement, Munsamy says the most cost-effective solution in this regard is to adopt a generic approach, especially if it is a newly-established company. "Here you do not need the same information governance measures as you would in the banking sector, for example. The most important thing is to have something in place, in order to be able to deal with any incidents that may occur in the future and leave the company exposed to liability or any additional risk."
Munsamy reiterates: "Instituting information governance means no sleepless nights worrying that you have done nothing at all. When there is an incident, and it relates to management not implementing the necessary controls, the impact on the company can be disastrous. However, it is equally important to strike a balance between what is required and what is not really necessary from the outset, as this reduces the cost and increases the effectiveness of the measures you do decide to implement.
"You have to be tolerant to certain risks and eliminate others in order to be able to define the overall risk appetite of your business. Whatever information governance remediation measures you embark upon have to ultimately be aligned with your own business goals. You can spend millions in mitigation, but this will mean nothing at the end of the day if you are unable to conduct business for whatsoever reason."
AVeS Cyber Security has a highly-experienced team of experts specialising in assessments, road-map preparation, implementation, training and awareness, monitoring, and incident management. The consultancy also offers training in King IV, Cobit-5, ISO 27001, POPIA, PCI DSS, and other non-IT related standards such as ISO 9001, ISO 14001, and 18001.
Professional services offered run the gamut of improving consistency (corporate governance), reducing risk (IT security), increasing efficiency (advanced infrastructure), empowering expertise (AVeS Training Academy), and operating intelligently (Managed Services).
To register for the 'Bridging the Compliance Gap Between IT and Business' roadshow, visit: https://aves.co.za/bridging-the-compliance-gap-between-it-and-business-roadshow/.