Centralized data management. Time to surrender the silo
During my morning runs, I run past this old silo in the middle of suburbia. Surrounded by single family homes, it looks either out of place or serves as a quaint reminder of an earlier time.
It brings to mind a different kind of silo that appears in business and how prevalent they still are, despite the connected nature of business today with cloud computing, big data, machine learning, global markets and the like. Operating in silos where people act independent and without regard to other departments invites duplicated or inconsistent responses. It’s an inefficient and less productive way to operate, especially in this day of technology and non-stop connectivity.
When siloed organizations respond to enterprise-wide risk, a lot can go wrong. For starters, if every department responds in its own way to regulatory compliance, it is, at best, an inefficient doubling or tripling of the work necessary. At worst, it’s a mess trying to distinguish the company’s compliance stance with gaps of non-compliance.
Risk management is just as, if not more, problematic. Information security impacts every department and every employee. Individual business units with IT staff may respond differently based on the technology used and their expertise. The risk of miscommunications or something falling through the cracks is serious.
From the 30,000 foot view, the biggest drawback to silos is the fact they hinder data sharing, accountability, and visibility — the essential elements needed for enterprise risk management.
We could talk until we’re blue in the face, mistaken for members of the Blue Man Group, about business struggles with silos.
Here’s a better idea. Connect your silos with a framework and a platform designed for centralized data management. Frameworks and standards like ISO 27000 series, NIST, and PCI DSS provide a strong base for managing risk in their respective areas. Companies with mature risk management programs rely on integrated risk management systems (IRMS) supported by governance, risk management, and compliance (GRC) technology.
The main takeaway is that you can command a framework using GRC technology to build your own integrated risk management system that interfaces with the company’s business processes.
While you know you should transition from operating in silos to connecting departments with a centralized data management platform, you may be concerned about the challenge of driving the organizational change required. Perhaps past programs have failed. Maybe you believe only a major incident would get the attention needed for significant change. There is a better way.
Start with small steps like documenting your processes, attending a webinar or requesting a demo. Take our quick 10-question survey to see where you stand on the maturity scale for GRC and centralized data management.
Look for quick wins like implementing a pilot and producing key metrics for an executive audience. If that leads to a company leader championing the cause, all the better. Be watchful of too much, too soon. A grand project that sends shockwaves throughout the organization stands to fail. It’s better to start small, collect quick wins, and nurture the growth of your program.
The key is to connect your silos and centralize data management, so cross-functional teams can work together.That will effectively end the data silo era for the betterment of enterprise-wide initiatives like compliance and integrated risk management.
NSCC members face a new compliance requirement: cybersecurity confirmation. It sounds easy, complete a form, but risk is high. Here’s guidance.
Compliance departments are seriously challenged these days. As business swirls in response to COVID-19, compliance has taken a back seat. That can lead to trouble—violations, fines or both—due to missing deadlines. Management, in a questionable move, may ask compliance to do something taboo. Instead of reading a half empty glass post designed to help compliance deal with these challenges, they instead get a half full glass post that is brimming with optimism for compliance’s role during COVID-19.
COVID-19 has pushed several risk disciplines into the spotlight, including business continuity, third party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.