Google Trends announced a sudden increase in searches for the phrase “Business Continuity Planning” during the lockdown; IT experts answer questions related to BCP and GRC to ensure seamless productivity
IT leaders acknowledge that the pandemic forced organizations to reconsider the previously low-priority back-to-office functionality. Organizations are shifting from tackling localized risks via third-party InfoSec, supply chains, and operations based on economic growth to managing the same issues under much less certain scenarios. Security leaders are working to build fail-safe contingency plans.
CIOs acknowledge that organizations can prepare for and navigate through disruptive situations such as cybersecurity breaches, natural disasters, embezzlement, fraud, terrorist attacks, etc. if they have a robust Governance, Risk, and Compliance (GRC) policy and a BCP.
Considerations before implementing GRC
IT leaders feel that before investing in GRC tech, organizations need to align their employees and teams towards a common goal and clearly define the protocols related to GRC. CIOs say that the biggest challenge in GRC implementation is over-complicating a simple process.
GRC’s advantages over other tools
IT leaders advise comparing existing tools in the market with GRC tech before implementing it in the organization. GRC is a highly dynamic technology that changes constantly to meet changing government and industry guidelines and customer requirements. CIOs say that organizations are striving to adopt the agile methodology and be proactive in identifying and preventing threats.
Security leaders are exploring the latest platforms, which allow easy modification of policies and workflow processes without paying exorbitant prices to third-party consultants each time. They want templates and best-practice lists to be created among peer organizations for the basic compliance or regulatory workflows followed across the industry.
Cross functionality in organizations for risk management
CIOs say that organizations must cultivate a risk culture from top management to the end employees. This is important for identifying and tackling risks at the initial stages. C-suite leaders and key stakeholders need to collaborate and create core statements. These should be shared across the organization to motivate employees to achieve the goals. Regular communication about risk is necessary to prevent an unauthorized breach.
IT leaders point out that most new tools fail because of the lack of a good feedback loop. They say that the top-to-bottom approach should be adopted when seeking feedback. It’s critical to involve end-users at the initial stages. Their opinion on customization and tool selection is important for effective tool deployment.