Post on 24-May-2015
1© Copyright 2011 EMC Corporation. All rights reserved.
Information Governance
The Foundation for an eGRC Strategy
Andy Hood
EMC Information Governance
What is eGRC?
What is GRC?
• Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
• Risk is the effect of uncertainty on business objectives; risk management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.
• Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
Data Center
App Mgmt.
SDLC
InfoSec
IT Security
BCP
DR
Market Risk
Credit Risk
Liquidity Risk
Environmental
Health & Safety
Fraud
Financial Reporting
Litigation
HR
Liability
Privacy
IT Operations Finance Legal
Geo-Political
Applications
Common GRC Theme: Risk
Enterprise GRC Processes
Enterprise GRC
GRC Domains
Supporting Processes
• Anti-Bribery Compliance
• Anti-Money Laundering Compliance
• Automated Control Collection
• Background Check Management
• Basel II
• Board Decision Support
• Budget Tracking
• Company Initiatives
• Data Dictionary
• Digital Media Repository
• Employee Satisfaction
• Facility Resource Management
• FMEA Management
• GxP Compliance
• Insurance Claims Management
• Key Performance Indicators
• Key Risk Indicators
• KYC Compliance
• OFAC/Global Trade Compliance
• Penetration Test Management
• PPAP Management
• Purchase Order Tracking
• Resource Capacity Planning
• Service Level Agreements
• Compensation/Benefits Management
• Configure – Price – Quote
• Contract Management
• Corporate Ethics Compliance
• Corrective/Protective Action Solution
• Customer Complaint Management
• Customer Due Diligence Management
Core Processes
IT
• Risk Management
• Policy Management
• Incident Management
• Enterprise Management
• Vendor Management
• Compliance Management
• Training & Awareness
• Threat Management
• Disaster Recovery Management
Finance
• Risk Management
• Policy Management
• Incident Management
• Enterprise Management
• Vendor Management
• Compliance Management
• Training & Awareness
• Audit Management
• Loss Event Management
Operations
• Risk Management
• Policy Management
• Incident Management
• Enterprise Management
• Vendor Management
• Compliance Management
• Training & Awareness
• Business Continuity Management
• Crisis Management
• Environmental Health & Safety
• Quality Management
Legal
• Risk Management
• Policy Management
• Incident Management
• Enterprise Management
• Vendor Management
• Compliance Management
• Training & Awareness
• Privacy Management
• Board & Entity Management
• Matters Management
• Corporate & Social Responsibility
Consulting/Implementation Best Practices
eGRC Management Platform
EMC eGRC Strategy
Business Continuity Management
Information Governance
eGRC Business Solutions
Advanced Security Management
Information Governance
• In essence, information governance is the practices and technologies involved with proactively managing:
– what information is retained,
– where it is stored,
– for how long,
– who has access to it, and
– how it is protected
• The drivers behind information governance initiatives include:
– the need to comply with regulations and ensure data integrity and security
– control of operational expenses associated with managing data
– the risks associated with poorly managed data
– the e-discovery costs associated with vast volumes of data
Source: The 451 Group, The Rise of Information Governance, August 2009
EMC Information Governance Solutions
Business Challenge: Unmanaged File Content
• How much is there?
• What is it costing us?
• What is its business value?
• What is private and confidential?
Gain Visibility
…. Deliver on-going information intelligence
Classify information based on metadata or content of file
Migrate valuable files to secure repositories
Increase primary storage capacity while reducing costs
Create an efficient policy-based environment that reduces risk
Business Challenge: Records and Retention Management
• The process of manually searching through vast amounts of content, identifying items as records, and processing them does not scale
• Organizations do not have the resources to keep up with the huge volumes of content
Manage Risk
…Ensure consistent retention management
Time- and event-based retention and disposition
Retention tied to workflows and business processes
Manage physical, electronic and federated records
Provides certified records management
Business Challenge: eDiscovery
• Skyrocketing costs of collecting information
• Too much dependence on 3rd-party solution providers
• Inability to consistently apply and enforce policy on electronically stored information
• High risk and sanctions
• Ubiquitous nature of litigations and internal investigations/audit
• Gap between Legal and IT
Simplify eDiscovery
…. Shift from reactive to proactive
Respond in a quick and cost-effective manner to eDiscovery requests
Provide Early Case Assessment
Implement a repeatable business process that minimizes eDiscovery and compliance costs
Roll out an accurate and defensible eDiscovery process with complete audit and chain of custody
Business Challenge: Uncontrolled Content Growth
• “Ungoverned” information growing in Microsoft SharePoint, Microsoft Exchange, Lotus Domino and File Shares
• Cost of Primary Storage
• Backup and Recovery SLAs
Cut Costs
…. Preserve user experience
Reduce storage requirements by as much as 50% and improve backup operations
Improve performance & scalability by up to 60%
Accelerate upgrades and migrations
Consistently apply and enforce retention and disposition policies
Eliminate personal archives
• Set retention across all content
• Reduce costs by 50% or more
Flexible
• Repeatable in-house solution for response and readiness
• Reduce review costs up to 90%
Repeatable
• Modular approach
• Apply to unstructured content throughout the organization
Modular
• Identify risky and obsolete information in-place
• Make sound decisions and policies
• Makes archiving “smarter”
Consistent
Summary
• Information governance is a foundational element of eGRC that results in organizations gaining visibility, managing risk, simplifying eDiscovery and reducing costs
• eGRC requires a holistic approach spanning multiple technologies and consulting
• Organizations can take a modular approach to eGRC in general and Information Governance in particular
Q&A
Resources
• www.emc.com/EMC SourceOne: “Do More with the Power of EMC SourceOne”
– Press releases
– Analyst reports
– Video and audio events
– Demonstrations
– Data sheets
• www.emc.com/grc “See more, Act faster, Spend less”
• www.emc.com/EMC SourceOnecity “The Next Generation of Information Governance”
White Paper: Enterprise Governance, Risk and Compliance: A New Paradigm to Meet New Demands
THANK YOU