GOVERNANCE, RISK MANAGEMENT, AND COMPLIANCE
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a regulation that will enforce a stronger data protection regime for organizations that operate in the European Union (EU) and handle EU citizens’ data. GDPR covers the protection of the personal data of employees, customers and others. Organizations that fail to comply with this regulation will be subject to heavy fines and damaged reputation. Considering that personal data represents critical and sensitive information that all organizations should protect, such a regulation will help put in place appropriate procedures and controls to prevent Information Security breaches. By May 2018, all organizations that operate in the EU should comply with this regulation.
ISO 31000 Risk Management
ISO 31000 is an international standard for Risk Management that provides a set of principles, a Risk Management framework and a process, which help organizations take a proactive approach to the risks they face. ISO 31000 helps organizations develop, implement and continuously improve a framework that integrates Risk Management strategies into overall organizational processes, including decision-making. The Risk Management process involves five steps: identifying circumstances, detecting risk-associated hazards, assessing and determining the risk, controlling evaluated risks, and reviewing the impact of the risks.
ISO 37001 Anti-Bribery
The ISO 37001 standard provides requirements for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. This standard is designed for all types of organizations from any sector and for any type of bribery risk they may face. It can also be implemented as a standalone standard or be integrated with other management systems.
ISO/IEC 29100 Lead Privacy
ISO/IEC 29100 provides a high-level framework for protecting Personally Identifiable Information (PII) held within Information and Communication Technology (ICT) systems. The privacy framework provided by ISO/IEC 29100 applies not only to organizations but also to persons using ICT who require privacy controls in order to process PII.
ISO 19600 Compliance Management
ISO 19600 provides guidelines for establishing, developing, implementing, managing and improving a compliance management system within an organization. This standard is applicable to organizations of all sizes and to business activities of any nature and complexity. It allows organizations to address all their regulatory requirements and manage their operational risks with one uniform compliance framework. Compliance Management is more than just a legal requirement; it is also a commitment to meet stakeholders’ needs and expectations, regardless of industry.