For spring break, escape routine risk management
For many, spring break brings to mind a week off from school in March and trips to sun-kissed beaches. Viewed another way, it’s a week to break free from workplaces stresses and see things with a fresh perspective. For those who manage risk, why not use this year’s spring break week to discover what’s out there that could make your job easier and more effective?
Here are five ways to escape from routine risk management:
Use automation to streamline risk management processes
What if you could apply automation to specific processes and free up time spent manually doing those steps? Once set up, managing a process can be as easy as a walk at the beach. The key is to map out a process and see where technology could streamline steps.
A major social game developer did just that. The company was using spreadsheets to manage vulnerabilities but streamlined the process by implementing a GRC platform. Now scanner findings automatically import and correlate in the platform for prioritizing vulnerabilities by asset criticality. A risk management process that once took three months now takes three days.
Leverage frameworks to fast track compliance
Compliance and controls go together like the sun and sunscreen. The more regulations, standards and contracts you comply with, the more controls you need in place. That’s where frameworks like NIST and ISO can be a big help, giving you a baseline set of controls to customize.
Seattle-based OpenMarket leveraged both ISO 27001 and NIST 800-53 frameworks to build an OpenMarket Controls Catalog for compliance with regulations, standards and requirements. Between framework controls, custom controls and a technology platform to house everything in an ISMS, OpenMarket can streamline compliance with 137 contracts, 254 compliance mandates and 9700 contract demands.
Rethink how your organization conducts audits
Gathering evidence for audits can be like shell hunting on the beach. You search incessantly until you find something worth collecting.
Claims Recovery Financial Services (CRFS) experienced this firsthand through the company’s 15 to 20 annual audits. Each audit requires more than a week and several workers, including an assigned project manager and multiple compliance specialists to locate supporting documentation and to complete questionnaires. After implementing a technology platform, audit coordination that took a team effort and weeks was reduced to one person and one to two day’s work.
Make a goal that’s big and bold
Nothing excites a family or a group of college students like spring break plans to travel. For major initiatives at your company, you also need a destination and a roadmap.
GCI, an Alaska-based provider of data, wireless, video, voice and managed services, had an ambitious goal to build its security compliance program in 18 months. It took tone from the top, a supportive company culture, a dedicated team and a technology platform to pull it off. The secret to GCI’s success? They’re big believers in beginning with the end in mind and developing a roadmap to the goal, and yet remain open to change or even dismissing the goal if it makes strategic sense.
Get everyone on the same page
A popular spring break activity is trivia contests. It’s the team that’s smart and works together that wins. Similarly, smarter risk management demands collaboration and communication among departments.
The University of Chicago Biological Sciences Division (BSD) learned how to manage vulnerabilities across 32 departments and 5,000 faculty/staff even though each department operated independently with its own IT staff and different cybersecurity requirements. A technology platform brought together people, processes and technology. BSD now has a streamlined approach to managing vulnerabilities that is accurate, automated and accepted.
Managing risk is routine most of the time, but the elements that contribute to risk are always changing. That’s why it’s a good idea to escape your everyday world and gain a fresh perspective that often comes with spring break. All you need is a little extra to go from ordinary to extraordinary.
COVID-19 has pushed several risk disciplines into the spotlight, including business continuity, third party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.
In many ways, global supply chains are in the crosshairs of the global pandemic. We share three strategies you can pursue now to be ready for when business starts to recover.
While the coronavirus has dominated news cycles, other notable events occurred around a number of new rules, regulations and guidance, from California’s data privacy regulation to NIST data privacy framework and SEC guidance on cybersecurity for financial service firms.