03/18/2011

Japan Disaster: Reminding us why we need GRC that integrates Business Resilience, Risk and Incident Management

Japan's devastating earthquake, subsequent tsunami and current power plant threats remind us that we live in a world where the combination and cascading effect of threats raises risks beyond what we consider a reasonable threshold.  It is these apparent ‘black swan’ events that really set us back.  In times like this we see clearly the tight relationship between business resilience, risk and crisis management.

 As we watch the Japan disaster unfold, GRC and Business Continuity professionals the world over are abuzz with what this means back home.  Many organizations will take this an opportunity to look at their own best practices to understand their real exposures and plans to protect people and critical processes in the event of a disaster.

Centralizing approaches to business continuity, disaster recovery, risk and crisis management is a pure GRC use case.  And increasingly an urgent one. It seems impossible, and actually is, without a strong GRC program and good solid technology platform that cover the basics:

  • End-to-end risk management process with a common nomenclature and processes for assessing risk on a near-real time basis
  • Consensus between the business and IT on risk appetite
  • Complete understanding of business process criticality, RTOs  and RPOs
  • Visibility into the technology eco-system internally, and across the hybrid cloud - and how it supports the business
  • Online access to business continuity and disaster recovery plans in the event of a crisis or business disruption.
  • Centralized reporting and management of crisis events that impact employees, customers, stakeholders and mission-critical operations.

I have seen few platforms that can do all of this – but they are emerging.  RSA Archer Business Continuity is one, and there will be more entering the market in the short to medium term. It’s worth looking into these unified approaches –taking a proactive approach could save your organization in ways you can’t even imagine today. Who would have predicted we’d been looking at what we are now in Japan?  It is people, processes and technology, orchestrated in a way that is trulyresponsive, that in the end, makes all the difference.

Mar 18, 2011 12:44:35 PM | Cloud Computing, Information Governance, Information Security Risk Management, IT GRC, Risk Manangement

The comments to this entry are closed.

NEXT POST
GRC in the Cloud - Control + Visibility = Trust – Some examples from VmWare and RSA GRC in the Cloud - Control + Visibility = Trust – Some examples from VmWare and RSA Here’s the basic problem: Information in the cloud is constantly on the move – that’s the side effect of cloud’s basic benefits of resource utilization and service availability. This mobility, of course, is what drives security and GRC people crazy because it implies we don’t have visibility into where our information is, or control over where it goes, how it is used or who accesses it. Hybrid cloud GRC platforms can gain unprecedented levels of visibility and control by harvesting from monitoring systems to ensure that the hybrid cloud infrastructure conforms to security specifications, and that information is controlled in compliance with policies and regulations.
PREVIOUS POST
Five Simple Questions Core to GRC Program Success Five basic questions that form the building blocks of a successful GRC program:• What is our end-to-end GRC program and what do we need to invest in to achieve our goals? • How can we align business requirements with our policies and day-to-day operating processes? • What is our real exposure and what controls need to be implemented to contain risks? • How can we leverage technology to manage GRC holistically across the enterprise? • How can we govern our GRC processes across silos and stakeholders?

Yo Delmar

A MetricStream exec with a passion for Governance, Risk and Compliance

The Typepad Team

Search

My Other Accounts

Recent Comments