Lloyd Dawson 2010 IT GRC at PSC
Lloyd Dawson, Director, IT Compliance
June 2010
IT Governance, Risk, and Compliance (GRC) at PSC
Agenda
• PSC, LLC
• IT Organizational Chart
• Why IT GRC at PSC
• IT GRC Strategies, Operations, and Tactics
• IT GRC Results
• Question and Answer
PSC, LLC
PSC North America Locations
IT Organizational Chart
• Vice President of IT – Pamela Rucker
• Professional staff and outsourced services
• Support 4 Lines of Business
IT Compliance Responsibilities
Why IT GRC at PSC
Strategies, Operations, and Tactics
IT Risk Management
ISO 27005:2008-based process
Risk Management Internal Audit
IT Security – Account Administration
ISO 27002:2005-based policy
IT Compliance
• 2008 – Baseline controls
• 2009 – Expanded coverage controls
• 2010 – Complete coverage controls
• PSC received nomination for ISE Security Executive of the Year
(http://www.iseprograms.com/central_project_nominees.asp)
IT DRP
• Close coordination between HR and IT
• Annual/as required updates and tests
• Special DRP ‘kits’ for key plan participants
• Conferences and seminars
IT HR
DRP = Disaster Recovery Plan; BCP = Business Continuity Plan
IT Change Management
ITIL-based Process
CAB = Change Advisory Board
IT Vendor Management
Relationship Management
Control Visibility
IT GRC Summary
• Controls
• Regulations
• Ownership
• Accountability
• Measurements
• Sustained
• Coordination
• Cost Control
Results
Question & Answer