Date & Time
Tuesday, October 16, 2018, 4:00 PM - 5:30 PM
Category
Governance, Risk & Compliance
Description

Assessing risk over a wide range of regulations, standards, and governmental guidance is a challenging task, but it is essential to address and reduce risk to the business and critical systems. You must identify and interpret each of the mandates across your organization. Then the mandates must be applied across a range of resources, geographies, and operations so that the risks can be mitigated. This can be accomplished most efficiently with the use of a Common Control framework.

Risk management professionals are challenged to create their organization’s security baselines, find the appropriate regulatory documents, and apply the Common Controls in their environment. Frameworks have become a necessary means to distill and harmonize the many controls imposed on today’s organizations by a growing number of regulatory guidelines. It is not uncommon for a single mid-sized organization to fall under GLBA, HIPAA, PCI-DSS, and multiple state and international privacy regulations. Risk management professionals and compliance auditors have overlapping interests here, since auditors must provide independent assurance of the credibility and reliability of the risk management information, as well as the soundness of the risk management process.

We will demonstrate how to mitigate business, security, and regulatory risk by building a comprehensive governance framework that efficiently manages all Common Controls while also providing the transparency needed for the legally defensible evidence collection that auditors require. The process for using this approach will be discussed, including:

• Harmonizing multiple regulations into a single set of controls

• Using a framework for a common language for internal communication

• Ensuring alignment with original mandates already in place

• Tying it back to the original requirements of the regulations

• Addressing the scope for each risk assessment and audit

• Reducing repetitive evidence collection

• Examining the impact to risk posture as regulations are added or updated
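The list above describes a mapping exercise: each mandate’s requirements point at a shared set of Common Controls, each control is backed by evidence, and scoping, traceability and change impact are all set operations over that map. The following Python is an added illustration of that structure and is not code from the session or from Unified Compliance; every regulation requirement ID, control ID and evidence artifact name in it is constructed for the example and does not come from any real framework.

```python
"""Toy Common Control map: mandate requirements -> shared controls -> evidence.

All requirement IDs (PCI-A, HIPAA-B, ...), control IDs (CC-01, ...) and
artifact names below are constructed for illustration only.
"""
from collections import defaultdict

# Constructed: each mandate's requirements, mapped onto the common controls
# that satisfy them. One common control can satisfy requirements from
# several mandates, which is the whole point of harmonizing.
MANDATES = {
    "PCI-DSS": {"PCI-A": {"CC-01", "CC-02"}, "PCI-B": {"CC-03"}},
    "HIPAA":   {"HIPAA-A": {"CC-01"}, "HIPAA-B": {"CC-03", "CC-04"}},
    "GLBA":    {"GLBA-A": {"CC-02"}, "GLBA-B": {"CC-05"}},
}

# Constructed: evidence artifacts that demonstrate each common control.
# An artifact may support more than one control.
EVIDENCE = {
    "CC-01": {"mfa-policy.pdf", "idp-mfa-config-export.json"},
    "CC-02": {"access-review-q3.xlsx", "idp-mfa-config-export.json"},
    "CC-03": {"encryption-standard.pdf", "kms-key-inventory.csv"},
    "CC-04": {"breach-notification-procedure.pdf"},
    "CC-05": {"vendor-risk-register.xlsx"},
}


def controls_in_scope(regs):
    """Harmonize: the single set of common controls covering every requirement of `regs`."""
    scope = set()
    for reg in regs:
        for ctrls in MANDATES[reg].values():
            scope |= ctrls
    return scope


def evidence_plan(regs):
    """Collect each artifact once, recording every control it supports (dedup)."""
    plan = defaultdict(set)
    for ctrl in controls_in_scope(regs):
        for artifact in EVIDENCE[ctrl]:
            plan[artifact].add(ctrl)
    return dict(plan)


def naive_artifact_count(regs):
    """Evidence pulled requirement-by-requirement, i.e. without a common control layer."""
    return sum(len(EVIDENCE[c])
               for reg in regs
               for ctrls in MANDATES[reg].values()
               for c in ctrls)


def trace_back(ctrl):
    """Tie a common control back to the original mandate requirements it satisfies."""
    return sorted((reg, req)
                  for reg, reqs in MANDATES.items()
                  for req, ctrls in reqs.items()
                  if ctrl in ctrls)


def added_burden(existing, new_reg):
    """Impact of adding a regulation: controls and artifacts not already covered."""
    before = controls_in_scope(existing)
    new_ctrls = controls_in_scope(list(existing) + [new_reg]) - before
    new_artifacts = set().union(*(EVIDENCE[c] for c in new_ctrls)) - set(evidence_plan(existing))
    return new_ctrls, new_artifacts


if __name__ == "__main__":
    audit = ["PCI-DSS", "HIPAA"]
    print("controls in scope:", sorted(controls_in_scope(audit)))
    print("artifacts to collect:", len(evidence_plan(audit)),
          "vs", naive_artifact_count(audit), "if collected per requirement")
    print("CC-01 satisfies:", trace_back("CC-01"))
    print("adding GLBA requires:", added_burden(audit, "GLBA"))
```

The same structure scales to a real control catalog: `MANDATES` is the crosswalk an auditor asks for when checking that a control is tied back to its originating clause, `evidence_plan` is the deduplicated request list for a given audit scope, and `added_burden` answers the posture question when a new regulation is added, without re-assessing controls that already have evidence on file.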

Speaker(s)
Lynn Heiberger
Speaker Bio(s)
Lynn has over 20 years of IT application and infrastructure experience spanning publishing, insurance, and GRC. On the board of Unified Compliance since its inception in 2002, she returned as COO to bring the Unified Compliance Framework® to multiple GRC platforms. She was previously the Director of Infrastructure Architecture and Integrated Services at AAA Insurance Exchange where she implemented successful compliance programs for PCI and other state regulatory requirements. Today, she is focused on operationalizing compliance with the Department of Education, ARMA, OCEG, ServiceNow, IBM, and many other partners of Unified Compliance.
CEUs
1.8