When it comes to security breaches or compliance gaps, many are quick to point the finger outside their own department. In our first-ever SearchCompliance #GRCchat in January, we asked participants, "What departments or roles should be responsible for championing risk management and compliance in information governance frameworks?"
Our participants indicated that an individual or department should handle responsibilities for information governance management and for championing it throughout the organization. According to #GRCchat-ters, chief risk officers, chief information security officers, chief data officers and even CEOs should step up and advocate for more stringent governance, risk and compliance (GRC):
A4 Championing should come from the C-suite, perhaps even CEO. Critical to creating info-centric culture. End users=herding cats #GRCchat — Derek Gascon (@InformaZen) January 16, 2014
C-suite roles were the focus of our Twitter followers, but one participant shared an alternative idea:
A4 we have an ethics & compliance exec comm at the top with a working group with members of risk/compliance functions. #GRCchat — Randy Moeller (@RJMrim) January 16, 2014
Our own executive editor, Linda Tucci, was first to probe Randy Moeller, a global governance manager at Procter & Gamble:
Shawn Tiemann, a solutions engineer at LockPath, also posed a series of questions to Moeller:
After responsibilities for information governance have been established, what next? We closed out our inaugural SearchCompliance #GRCchat by asking followers, "How can information governance frameworks be developed to cut down or eliminate redundant processes in relation to risk and compliance?" Step one: Discuss processes.
A5 The very first step would be discovering processes at a high level - data silos are a prerequisite for redundancy #grcchat — Shawn Tiemann (@LP_Stiemann) January 16, 2014
A5 Communication is key - stakeholders need to sit down to discuss process, identify similarities and combine resources where poss #GRCchat — Ben Cole (@BenjaminCole11) January 16, 2014
Once organizations understand these processes, they should look to streamline them, said SearchCompliance Managing Editor Rachel Lebeaux -- a topic that got some play earlier in the tweet jam:
A5 some will be a natural progression, if framework works, other parts of the business/affiliates, etc. will join. #GRCchat — Randy Moeller (@RJMrim) January 16, 2014
Another component of strong information governance is proper protocol around document accessibility:
A5 First and foremost, internal governance docs need to be accessible and centralized. Then teams can align. #grcchat — Shawn Tiemann (@LP_Stiemann) January 16, 2014
The fact that a discussion about document storage quickly turned into a conversation about the cloud points to an increased interest in cloud security as companies begin to streamline their governance, risk and compliance operations. Do you agree or disagree? Tell us in the comments section below.
This was first published in January 2014