When: April 29, 2008 at 11:30 AM EDT

Register here>>

Length: 60 Minutes

Speakers: Sanjay Anand, Chairperson of the SOX Institute and Chrisan Herrod, Executive Editor of The Compliance Authority

The Compliance Authority and the SOX Institute sent a GRC benchmark survey to thousands of compliance professionals and practitioners in March 2008 and received more than 450 completed responses. The survey's objective was to establish an industry benchmark for compliance programs, priorities and spend. The results will be discussed in this free webinar, sponsored by Compliance Spectrum.

The webinar will take the form of a panel discussion featuring Sanjay Anand, Chairperson of the SOX Institute, and Chrisan Herrod, Executive Editor of The Compliance Authority. Anand and Herrod will discuss the survey responses and implications for compliance professionals and their respective programs. Moderating the event will be John Engel, Director of Marketing at the SOX Institute.

The survey represents a strong cross section (industries, company size, roles) of the compliance market and presents a balanced picture of the current state of compliance programs. The results offer webinar participants peer-level insight into the current state of compliance programs, including:

  • Regulatory priorities
  • Compliance program costs and budget expectations
  • Barriers to implementing a successful compliance program
  • Approaches to reducing the cost of compliance
  • Tools utilized to automate the compliance process

Who should attend this webinar:

  • Chief Compliance Officers
  • Chief Information Security Officers
  • Compliance managers and practitioners
  • Internal/External Auditors

Global Compliance Initiatives: Are You Ready?

In his article "Global Compliance Initiatives: What do They Mean for Me?" Frost and Sullivan's Rob Ayoub reminds us that compliance issues don't stop at the US border:

"As the need to protect data moves from a local to a global concern, many governments are taking notice and have implemented their own versions of data-protection laws. While there are strengths to having this legislation in place, there are several hazards that organizations must be aware of when considering doing business in other countries."

Ayoub makes the case for being aware of the following compliance regimes from around the world:

Global Standard: Payment Card Industry (PCI) Data Security Standard—PCI has improved security in the credit card industry by setting out clear definitions and requirements for compliance and disruptive punishments for noncompliance.

European Union: Directive 2002/58/EC—The EU directive on privacy and electronic communications requires the 27 EU member states to harmonize national laws regarding data security to protect the confidentiality of communications.

Tunisia: The Data Protection Act—This law, based on the EU data-protection directive, created a government-appointed Data Protection Commission assigned to enforce the law.

Mexico: Model Electronic Commerce Law—This law amends four previous laws to create a legal framework for e-commerce that requires businesses to encrypt data and keep customer records confidential, and establishes penalties of up to 2,500 times the prevailing minimum wage in the Federal District for noncompliance.

Australia: Privacy Act—The act established 11 privacy principles, with principle 4 addressing the storage and security of personal information. The act requires businesses with access to personal information to implement measures that prevent loss, unauthorized access, modification, disclosure or misuse of such information.

India: Information Technology Act—This law addresses electronic data interchange and electronic communications. It created penalties for cyber crime, breach of confidentiality and breach of privacy, thereby encouraging businesses to improve security for their networks and data.

Read the article here >>

GRC depends on you

Like every buzzword or new phrase that enters an industry's lexicon, GRC (Governance, Risk and Compliance) has already had its fair share of criticism and confusion. What the skeptics don't quite get, however, is that GRC is a concept flexible enough to be applied to virtually any company, context or situation. For example, in the world of SOX, GRC refers to the audit aspects that led to the downfall of Enron, WorldCom and Arthur Andersen. In the world of PCI, the emphasis is on the IS/IT aspects of GRC and how they relate to the narrow question of credit card information security. What is great about GRC is that it can be as broad or as narrow as you'd like it to be. There are no rules, no boundaries. It all depends on the context in which the term is used.

Over the next several weeks, I propose to get into more details about how the concept of GRC can be applied in virtually any/every context/industry. While regulations and standards like SOX, PCI and ISO are specific in their intent and objectives, concepts like PM (project management), RM (risk management) and GRC (the integration and alignment of governance, risk and compliance) are general concepts that provide a basis and a framework within which SOX, PCI, ISO and other regulations and standards can not only exist, but hopefully co-exist.

Identity Auditing Software Requirements

In his article "Identity Auditing: Key to Successful IT Compliance," Tom Repede writes that identity-auditing software must be able to:

• Combine security information across the enterprise from such disparate entities as directories, databases and other third-party applications into one central repository
• Tie individuals to user IDs, groups and resources by matching real people by name to the user IDs assigned to them as well as to their group memberships to provide a view into resources and how, when and why they’re used
• Import existing data from other applications for an integrated solution
• Provide a strong access-control infrastructure with business-level ownership of access-request approvals
• Review privileges and entitlements regularly and monitor real-time access events
• Identify conflicts and perform remediation on demand
• Create and output custom and ad-hoc reports easily without a programming language
• Offer provisioning capabilities for cost efficiency and audit tools for control and compliance tracking
• Use business-oriented screens and a user-friendly interface
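The core of several of these requirements (combining identity data from disparate sources, tying user IDs back to real people, and identifying conflicts with remediation) is a correlation-and-rules problem. The following Python is an added illustration of that core and is not code from Repede's article or from any product; the three data sources, the people, the entitlement names and the segregation-of-duties rules are constructed for the example, and the choice of which entitlement to revoke when a rule fires is an assumption made here.

```python
"""Correlate user IDs from several sources to real people and flag
segregation-of-duties (SoD) conflicts. Added example; sample data below
is constructed, not taken from any real environment."""
import re
from collections import defaultdict

# Constructed sample data: three sources that each spell the same people
# differently. The directory is treated as the authoritative list of people.
DIRECTORY = [  # (display name, login)
    ("Alice Morgan", "amorgan"),
    ("Bob Chen", "bchen"),
    ("Carol Diaz", "cdiaz"),
]
DB_ACCOUNTS = [  # (db login, owner name as recorded by the DBA, privileges)
    ("morgan_a", "Alice Morgan", {"SELECT", "UPDATE"}),
    ("cdiaz_db", "Carol Diaz", {"DBA"}),
    ("svc_batch", "", {"DBA"}),  # no recorded owner: orphan candidate
]
ERP_ACCOUNTS = [  # (erp user, full name as the ERP stores it, roles)
    ("AMORGAN", "alice morgan", {"vendor_create", "payment_approve"}),
    ("BCHEN", "Bob Chen", {"vendor_create"}),
    ("CDIAZ2", "Carol  Diaz", {"payment_approve"}),  # stray double space
]

# Toxic combinations: one person must not hold both entitlements at once.
# Assumption for this example: the second entry is the one to revoke.
SOD_RULES = [
    ("vendor_create", "payment_approve"),  # create a vendor, then pay it
    ("DBA", "payment_approve"),            # alter ledger data, then approve
]


def person_key(name):
    """Normalise a name so 'alice morgan' and 'Carol  Diaz' match the directory."""
    return re.sub(r"\s+", " ", name.strip()).lower()


def build_identity_view():
    """Return ({person: {source: (user_id, entitlements)}}, [orphan (source, id)]).

    An account whose owner cannot be matched to a directory person is an
    orphan: it still carries privilege but no one is accountable for it."""
    view = defaultdict(dict)
    orphans = []
    for name, login in DIRECTORY:
        view[person_key(name)]["directory"] = (login, set())
    for login, owner, privs in DB_ACCOUNTS:
        key = person_key(owner)
        if key and key in view:
            view[key]["db"] = (login, set(privs))
        else:
            orphans.append(("db", login))
    for user, name, roles in ERP_ACCOUNTS:
        key = person_key(name)
        if key in view:
            view[key]["erp"] = (user, set(roles))
        else:
            orphans.append(("erp", user))
    return dict(view), orphans


def entitlements_for(person_sources):
    """Union of entitlements a person holds across every source."""
    ents = set()
    for _, e in person_sources.values():
        ents |= e
    return ents


def find_sod_conflicts(view):
    """Return sorted (person, rule) pairs for every rule a person violates.

    Checking the union across sources is the point: a DBA privilege in the
    database plus an approval role in the ERP is a conflict no single
    system would see on its own."""
    conflicts = []
    for person, sources in view.items():
        ents = entitlements_for(sources)
        for a, b in SOD_RULES:
            if a in ents and b in ents:
                conflicts.append((person, (a, b)))
    return sorted(conflicts)


def propose_remediation(view, conflicts):
    """For each conflict, name the account and entitlement to revoke."""
    actions = []
    for person, (_, revoke) in conflicts:
        for source, (user_id, ents) in view[person].items():
            if revoke in ents:
                actions.append((person, source, user_id, revoke))
    return sorted(actions)


def audit_report():
    view, orphans = build_identity_view()
    conflicts = find_sod_conflicts(view)
    return {
        "people": sorted(view),
        "orphans": orphans,
        "conflicts": conflicts,
        "remediation": propose_remediation(view, conflicts),
    }


if __name__ == "__main__":
    for section, rows in audit_report().items():
        print(section)
        for row in rows:
            print("  ", row)
```

Two findings only appear because the sources are correlated: Carol's conflict spans the database and the ERP, and `svc_batch` holds DBA with no owner on record. A real tool would read these sources live rather than from constants, but the normalisation, the cross-source union and the rule evaluation are the same.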


Do you have anything to add to this list of requirements?

Welcome to TheComplianceAuthority.com

Formerly known as IT Compliance Magazine, we're changing our name and expanding our focus. The change in name represents the growth and maturity of the governance, risk and compliance (GRC) market and the growing interest of our readers in expanding their knowledge of GRC and its emerging best practices. IT compliance continues to be a critical part of GRC, and our articles will continue to reflect best practices in that field. But IT compliance is only one aspect of the overall GRC practice area, and the change of our magazine’s focus is intended to broaden and enhance contributions made every day in this critical field.

We grew substantially in 2007, and as we move forward in 2008 we expect our readership to grow even further and our articles to cover diverse and interesting aspects of GRC. To reflect this change in focus, our Web site has been completely revamped. We thank our readers for helping shape our publication and for your continued support and interest in this vital industry.

We invite each of you to drop us an e-mail to let us know how we can make this site your main source for the latest insights and perspectives on GRC. Whether your story ideas come from inside the boardroom, conversations at a conference or an idea you’d like to hear leading practitioners discuss, we invite you to contact us at editor@thecomplianceauthority.com.

Our stories come from experts with diverse backgrounds. In the weeks ahead, we'll deal with GRC challenges in the securities area, the IT GRC area and GRC's impact on global organizations. In keeping with our new focus, our first article - The Role and Responsibility of a Chief Compliance Officer - is by Guy Talarico, CEO of Alaric Compliance Services. Alaric specializes in providing compliance officers for the registered and unregistered fund industry. Guy's article explains the duties of a chief compliance officer, which apply across the board no matter what industry you work in.

If you currently receive the print version of our quarterly IT Compliance Magazine, you’ll be automatically subscribed to our new quarterly - The Compliance Authority Magazine. I invite you to register for more timely updates by signing up for our monthly email newsletter at http://www.thecomplianceauthority.com/register.shtml.