Presentation Transcript


  1. Multi Compliance Framework
     Maintain your GDPR program
     Develop your IT Management System
     Enable your required Audit Reporting
     Accelerate your Information Security System
     … WITHOUT expensive consultancy fees!
     Greet Volders, Managing Consultant, Voquals N.V.

  2. Purpose of this Multi Compliance Framework
     • Reduce the time needed to prepare for internal & external audits
     • Reduce manual activities to prepare reporting by automating reporting through BI
     • Facilitate evidence collection for control testing
     • Increase customer & stakeholder confidence by continuous compliance checks, monitoring and reporting
     • Easily build relations according to the business needs between:
       • People
       • Business & IT Processes
       • Compliance Requirements
     Greet Volders _ Voquals N.V. Multi Compliance Framework

  3. Deliverables included in this Multi Compliance Framework
     • A complete set of IT-related processes (37 in all)
       • Based on the content of COBIT5, ITIL and Voquals’ experience
       • Presentable on your website
       • With cross-references to
         • Various ISO standards (see next slide)
         • ITIL
         • COBIT4.1, for a smooth transition to COBIT5
     • Additional integrated content
       • Process Capability Assessment
       • IT-related goals and metrics
       • Specific templates and examples of deliverables for certain processes

  4. Deliverables included in this Multi Compliance Framework
     • Add-ons are available for
       • ISO reporting
         • With mapping of all IT-related processes aligning to:
           • ISO9001:2015 (Quality)
           • ISO27001:2013 (Security)
           • ISO20000:2012 (ITIL)
         • Reports with links to your company processes are pre-defined
         • Can easily be tailored to other standards and control frameworks by yourself
       • GDPR-compliant processes & documents
         • Necessary GDPR procedures
         • Awareness raising through built-in information, practical examples and templates
         • Required GDPR reports, e.g.
           • Data Register
           • Record of requests from Data Subjects

  5. Deliverables included in this Multi Compliance Framework
     • For each process, we provide
       • High-level description, purpose, audience and scope
       • Visio chart of all steps in a process
       • Detailed descriptions for these steps
       • RACI linking people to processes
         • Responsible – Accountable – Consulted – Informed
       • Relationships with all defined regulations, standards, control frameworks, etc.

  6. Potential Savings with this Multi Compliance Framework
     • For the development of your IT-related processes
       • For all 37 processes, a complete description is available, which can be used to describe your IT-related processes simply by adapting the description to your organization.
       • No need to start with a blank sheet, and you don’t have to be an expert in COBIT5 or ITIL to define your processes compliant with these best practices!
       • A potential saving of a few man-days per process.
       • For 20 processes this yields a saving of 60 man-days.

  7. Potential Savings with this Multi Compliance Framework
     • Support the changes in your organization
       • In all the processes, process-steps and activities you can indicate who (person, role or function) is Responsible and Accountable, and who should be Consulted and Informed (RACI).
       • These are pre-defined for all 37 IT-related processes.
       • How it functions:
         • When the function of a person changes, or a person leaves the organization, you only need to adapt the link from the person to the function, or change the name of the person.
         • The result is that in all related processes, process-steps and activities the correct person remains identified.
       • Each change in your organization is managed with 1 action, which yields a saving of 1 man-day per change, providing the assurance that all links to functions, roles and persons are always up to date!

  8. Potential Savings with this Multi Compliance Framework
     • Facilitating your internal & external audits
       • A link is foreseen to several standards, control frameworks and other “best practices”, such as:
         • ISO9001 - ISO27001 - ISO20000
         • The DNB Control Objectives - GDPR requirements - …
       • Since the complete content of these standards and frameworks is available within the framework, these links can also be made to all other business processes.
       • In the portal (publication site), overviews are available for each of the standards, with links to related processes and documents.
       • This can be made available to the internal & external auditors, without any additional work, in the preparation of each audit.
       • This saves, for each audit, the time that is spent now, without this Framework, on preparing the audits!

  9. Multi Compliance Framework - homepage
     • The home page gives you access to the most important parts of this Multi Compliance Framework, being:
       • The processes, their flow and descriptions
       • Financial Reporting, based on DNB, and expandable with your own control requirements
       • KPIs based on the IT-related goals and KPIs defined by Voquals
       • Level 1 Process Capability Assessment execution & results
       • RACI based on the standard RACI provided in COBIT5
       • ISO reporting, with links to the related processes
       • ISAE reporting and Cyber Resilience compliance reports.

  10. Multi Compliance Framework - Processes
     • In this solution, you manage ALL company processes in an integrated and coherent way.
     • All organisational structures are linked with the processes.
     • Reporting is done in a consistent way.
     SELECT the first topic you want to see. Do you want to learn about ...
     • IT-related Processes and Reporting
     • Control Reporting
     • GDPR
     • Info Security
     • The END

  11. Multi Compliance Framework - ICT Processes
     • IT processes are part of the Supportive Processes
     • In this part, you find 5 possible views on the complete set of 37 COBIT5 processes
     • If you click on ICT, you receive the COBIT5 Process Reference Model

  12. Multi Compliance Framework - COBIT Processes
     • All 37 COBIT5 processes are present in this overview
     • Via this schema you can consult all the processes
     • This can be done by clicking on the process box

  13. Multi Compliance Framework - COBIT Processes, example
     After clicking on the process, you receive the detailed flow, with, at the right, the introduction to this process. For each of the detailed boxes a description exists, which can be seen by clicking on each box. These are the steps for the “Manage Security Services” process, DSS05 in COBIT5.

  14. Multi Compliance Framework - COBIT Processes, example
     By clicking on a box, you receive the detailed content of that process. For example, look at the last practice in “Manage Security Services”, Periodic Reporting.

  15. Multi Compliance Framework - COBIT Processes
     • By clicking on the tree structure, you find the processes grouped into:
       • Primary
       • Management
       • Supportive processes

  16. Multi Compliance Framework - IT Service Processes
     • Another view on your IT processes can easily be created.
     • This schema shows the example for IT Service Management
     • The next schema is focusing on IT Development
     • All the processes mentioned on this schema refer to the COBIT5 processes, which already exist.
     • In this way it’s easy to create your own process overview.

  17. Multi Compliance Framework - IT Project Delivery

  18. Multi Compliance Framework - Management & Reporting
     • Other management / reporting tools available are:
       • Level 1 Process Capability Assessment
       • KPIs (Key Performance Indicators)
       • RACI (Responsibility matrix)

  19. Multi Compliance Framework - Level 1
     Level 1 Process Capability Assessment is based on the COBIT5 Process Assessment Model (PAM). This model enables your organization to assess processes and facilitates continuous improvement. Level 1 is the assessment against the practices and work products specific to each process.

  20. Multi Compliance Framework - KPIs
     • The Key Performance Indicators are based on:
       • IT-related goals,
       • Goals & Metrics per process, and
       • Voquals’ extensive professional expertise.

  21. Multi Compliance Framework - RACI charts
     Identifies who is Responsible or Accountable for the practice / activities, and who is Consulted and Informed about the practice / activities.

  22. Multi Compliance Framework - ISO standards & Reporting
     • The relations with 3 ISO standards are defined in the IT-related processes
     • You can easily upload other, additional standards
     • Via the relations, you can define the processes and sub-processes that respond to the ISO requirements

  23. Multi Compliance Framework - ISO standards & Reporting
     The report contains all requirements, with an indication of the processes, or other documents, that respond to these requirements. Some more examples on the next slides. In the portal, all the documents are clickable, and are thus easily accessible for internal & external auditors.

  24. Multi Compliance Framework - ISO standards & Reporting

  25. Multi Compliance Framework - ISO standards & Reporting

  26. Multi Compliance Framework
     SELECT the next topic you want to see. Do you want to learn about ...
     • IT-related Processes and Reporting
     • Control Reporting
     • GDPR
     • Info Security
     • The END

  27. Multi Compliance Framework - DNB Control Domains
     The starting page shows an overview of the DNB Control Domains, with links to the Standards / Control Measures.

  28. Multi Compliance Framework - DNB Control Domains
     For each DNB Control Domain, the description is available, with a link to the sub-topics.

  29. Multi Compliance Framework - DNB Control Domains
     For each sub-topic, there is the description, with a link to the required controls.

  30. Multi Compliance Framework - DNB Control Domains
     For each sub-topic, there is the description.

  31. Multi Compliance Framework - DNB Control Domains
     For each control there is the description and fields to manage the control.

  32. Multi Compliance Framework - DNB Control Domains
     For each control there is the description, fields to manage the control and all related references. All these topics are clickable, to see the content!

  33. Multi Compliance Framework - DNB Control Domains
     For each control there is the description, fields to manage the control and all related references, plus additional guidance. These points are also clickable, to see the content!

  34. Multi Compliance Framework - DNB Reporting
     Reporting remains to be done with the DNB Excel file.

  35. Multi Compliance Framework - DNB Reporting
     Collection of the maturity rating is done by sending tasks via the Multi Compliance Framework.

  36. Multi Compliance Framework - DNB Reporting
     • The Control Owner
       • has to fill in the maturity level,
       • can add some comments and relevant sources

  37. Multi Compliance Framework - DNB Reporting
     The control administrator can easily follow the status of the tasks completed by the control owner.

  38. Multi Compliance Framework - DNB-related COBIT Processes
     DNB-related COBIT processes are presented in 1 of the pre-defined views.

  39. Multi Compliance Framework - DNB-related COBIT Processes
     All these process boxes are clickable, to consult your process content!

  40. Multi Compliance Framework
     SELECT the next topic you want to see. Do you want to learn about ...
     • IT-related Processes and Reporting
     • Control Reporting
     • GDPR
     • Info Security
     • The END

  41. Multi Compliance Framework - GDPR
     GDPR is part of the management processes.

  42. Multi Compliance Framework - GDPR
     • GDPR contains all required processes,
     • and useful information, such as definitions, templates, examples

  43. Multi Compliance Framework - GDPR example process
     Example: Manage Data Processor Agreement, with detailed descriptions.

  44. Multi Compliance Framework - GDPR example process
     • With detailed description of the 2 sub-parts
     • Including links to Data Processor information
     • And an example Data Processors’ Agreement

  45. Multi Compliance Framework - GDPR Reporting
     • We provide fields to identify the GDPR-sensitive processes
     • These are available in the various data sets
     • Each data set contains the required values >> some examples

  46. Multi Compliance Framework - GDPR Reporting
     • These fields are selected for each process
     • And other information is registered

  47. Multi Compliance Framework - GDPR Reporting
     • For example, to register the Requests from Data Subjects
     • And the related report

  48. Multi Compliance Framework
     SELECT the next topic you want to see. Do you want to learn about ...
     • IT-related Processes and Reporting
     • Control Reporting
     • GDPR
     • Info Security
     • The END

  49. Multi Compliance Framework - Security & Compliance
     1 of the pre-defined views is related to Information Security & Compliance.

  50. Multi Compliance Framework - Security & Compliance
