EMC ANZ Momentum User Group 2011- Business Track - Information Governance- The Foundation for an...

1© Copyright 2011 EMC Corporation. All rights reserved.

Information Governance

The Foundation for an eGRC Strategy

Andy HoodEMC Information Governance


What is eGRC?


What is GRC?• Governance is the culture, policies, processes, laws,

and institutions that define the structure by which companies are directed and managed.

• Risk is the effect of uncertainty on business objectives; risk management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.

• Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures


Data Center

App Mgmt.

SDLC

InfoSec

IT Security

BCP

DR

Market Risk

Credit Risk

LiquidityRisk

Environmental

Health & Safety

Fraud

Financial Reporting

Litigation

HR

Liability

Privacy

IT Operations Finance Legal

Geo-PoliticalApplications

Common GRC Theme: Risk


Enterprise GRC Processes

Enterprise GRC

GRC Domains

Supporting Processes

• Anti-Bribery Compliance

• Anti-Money Laundering

Compliance

• Automated Control Collection

• Background Check Management

• Basel II

• Board Decision Support

• Budget Tracking

• Company Initiatives

• Data Dictionary

• Digital Media Repository

• Employee Satisfaction

• Facility Resource Management

• FMEA Management

• GxP Compliance

• Insurance Claims Management

• Key Performance Indicators

• Key Risk Indicators

• KYC Compliance

• OFAC/Global Trade Compliance

• Penetration Test Management

• PPAP Management

• Purchase Order Tracking

• Resource Capacity Planning

• Service Level Agreements

• Compensation/Benefits Management

• Configure – Price – Quote

• Contract Management

• Corporate Ethics Compliance

• Corrective/Protective Action Solution

• Customer Complaint Management

• Customer Due Diligence Management

IT Finance Operations Legal

Co

re P

roces

se

s • Risk Management

• Policy Management

• Incident Management

• Enterprise Management

• Vendor Management

• Compliance Management

• Training & Awareness

• Threat Management

• Disaster Recovery Management

• Risk Management







• Audit Management

• Loss Event Management

• Risk Management







• Business Continuity Management

• Crisis Management

• Environmental Health & Safety

• Quality Management

• Risk Management







• Privacy Management

• Board & Entity Management

• Matters Management

• Corporate & Social Responsibility


Consulting/Implementation Best Practices

eGRC Management Platform

EMC eGRC Strategy

Business Continuity

Management

Information Governance

eGRC Business Solutions

AdvancedSecurity

Management


Information Governance• In essence, information governance is the practices and

technologies involved with proactively managing:– what information is retained,– where it is stored,– for how long,– who has access to it, and– how it is protected

• The drivers behind information governance initiatives include:– the need to comply with regulations and ensure data integrity and

security– control of operational expenses associated with managing data– the risks associated with poorly managed data– the e-discovery costs associated with vast volumes of data

Source: The 451 Group, The Rise of Information Governance, August 2009


EMC Information Governance Solutions


Business Challenge: Unmanaged File Content

• How much is there?

• What is it costing us?

• What is its business value?

• What is private and confidential ?


Gain Visibility

…. Deliver on-goinginformation intelligence

Classify information based on

metadata or content of file

Migrate valuable files to secure

repositories

Increase primary storage capacity

while reducing costs

Create an efficient policy based

environment that reduces risk


Business Challenge: Records and Retention Management

• The process of manually searching through vast sums of content, identifying them as records, and processing them does not scale

• Organizations do not have the resources to keep up with the huge volumes of content


Manage Risk

…Ensure consistent retention management

Time- and event-based retention and disposition

Retention tied to workflows and business processes

Manage physical, electronic and federated records

Provides certified records management


Business Challenge: eDiscovery• Skyrocketing costs of

collecting information

• Too much dependence on 3rd

party solution providers

• Inability to consistently apply and enforce policy on electronically stored information

• High risk and sanctions

• Ubiquitous nature of litigations and internal investigations/audit

• Gap between Legal and IT


Simplify eDiscovery

…. Shift from reactive to proactive

Respond in a quick and cost-effective manner to eDiscovery requests

Provide Early Case Assessment

Implement a repeatable business process that minimizes eDiscovery and compliance costs

Roll out an accurate and defensible eDiscovery process with complete audit and chain of custody


Business Challenge: Uncontrolled Content Growth

• “Ungoverned” information growing in Microsoft SharePoint, Microsoft Exchange, Lotus Domino and File Shares

• Cost of Primary Storage

• Backup and Recovery SLAs


Cut Costs

…. Preserve user experience

Reduce storage requirements by as much as 50% and improve backup operations

Improve performance & scalability by up to 60%

Accelerate upgrades and migrations

Consistently apply and enforce retention and disposition policies

Eliminate personal archives


• Set retention across all content

• Reduce costs by 50% or more

Flexible

• Repeatable in-house solution for response and readiness

• Reduce review costs up to 90%

Repeatable

• Modular approach

• Apply to unstructured content throughout the organization

Modular

• Identify risky and obsolete informationin-place

• Make sound decisions and policies

• Makes archiving “smarter”

Consistent


Summary• Information governance is a foundational element of eGRC

that results in organizations gaining visibility, managing risk, simplifying eDiscovery and reducing costs

• eGRC requires a holistic approach spanning multiple technologies and consulting

• Organizations can take a modular approach to eGRC in general and Information Governance in particular


Q&A


Resources

• www.emc.com/EMC SourceOne:“Do More with the Power of EMC SourceOne”

•Press releases•Analyst reports •Video and audio events •Demonstrations•Data sheets

•www.emc.com/grc“See more, Act faster, Spend less”

• www.emc.com/EMC SourceOnecity“The Next Generation of Information Governance”

White Paper: Enterprise Governance, Risk and Compliance: A New Paradigm to Meet New Demands

http://www.emc.com/sourceone

http://www.emc.com/grc

http://www.emc.com/grc

http://www.emc.com/sourceonecity

http://www.emc.com/sourceonecity

http://www.emc.com/collateral/emc-perspective/egrc-paradigm-to-demands-wp.pdf


THANK YOU

EMC ANZ Momentum User Group 2011- Business Track - Information Governance- The Foundation for an...

Business

Transcript of EMC ANZ Momentum User Group 2011- Business Track - Information Governance- The Foundation for an...