Legal and Regulatory Compliance


Ensuring your staff, policies and procedures are compliant with legal and regulatory requirements and industry best practice

Effective information management is a priority for every organisation today. The use of IT – for applications such as identity management or network monitoring – plays a key role in achieving this objective, but businesses now have to ensure their systems meet the demands of an ever increasing tide of legislation too.

The Data Protection Act (DPA) and Freedom of Information Act (FoIA) are important examples and it’s critical that organisations reconcile the requirements of these Acts with their own supporting policies to ensure that they correctly manage their legal exposure and risk.

At a practical level, too, organisations need to understand the legal complexities involved in activities such as monitoring of email, voice, SMS or web communications.

Insight Consulting can help you meet these obligations with a comprehensive range of compliance-based services that include:

• DPA and FoIA Compliance Audits
• Policy Health Checks (e.g. email, Internet, Acceptable Use)
• Structured Improvement Plans
• Training and awareness programmes.

Who’s responsible?

Regulatory and legislative risks affect all areas of your business – they’re not just the concern of legal or HR departments.

Your directors and senior managers, for example, need to be aware that they have responsibility and accountability for risks and that, in particular, the task of managing information risk does not fall solely to IT managers. Liabilities (Director, Corporate and Personal), and the consequences of non-compliance, carry an obligation for everyone from the top down.

A strategy for compliance

One of the best approaches to achieving legislative compliance – and endorsing relevant industry best practice – is by conducting Compliance Audits and Policy Health Checks of your business. The results of these activities will provide you with a Structured Improvement Plan that will also help you prioritise your policy development and staff training needs.
Assessing and mitigating information and asset risks is vitally important in demonstrating compliance to regulators. Risk management best practice dictates that organisations assess information and supporting infrastructure risks as well as identifying the objectives and underpinning controls most appropriate to their needs.

Compliance Audits

An often misunderstood area of law is data sharing and its impact on activities such as recruitment, sales and marketing, employment, eTrading, communications monitoring and web development. They can address:

• Data Protection Policy
• Information Security Policy
• Acceptable Use Policy
• Monitoring Policy
• eMail Policy
• Internet Policy
• Communications Policy
• Staff Handbook
• Employment Contracts
• Information security-related third party Contracts.

Resources and involvement by type of review

Type of review                     Internal            Outsourced          Outsourced compliance
                                   compliance audit    compliance audit    audit & policy health check
Internal knowledge requirements    High                Low                 Low
Internal resources requirements    High                Medium              Medium
Project time                       High                Medium              Medium
Compliance                         -1                  0                   +1

Benefits of compliance audits

An Insight Compliance Audit will provide you with a comprehensive, and impartial, assessment of how well your organisation meets each of its legislative compliance obligations. We’ll also provide you with a Structured Improvement Plan detailing the corrective actions you’ll need to take to achieve compliance. And, because our recommendations are prioritised, you’ll be able to ensure that corrective efforts and resources are focused on the most appropriate areas of your business.

Policy Health Checks

Policy Health Checks represent a cost effective way of examining your existing policies and documentation and assessing their degree of compliance with relevant legislation and industry best practice.

A road map for compliance

Following an audit or health check, Insight’s specialists can continue to work with you to help implement or oversee the changes recommended in a Structured Improvement Plan. These can include the deployment of proposed technical solutions, organising education programmes or advising on the development or updating of your policies and procedures.

Training and awareness

An educated workforce is at the heart of any compliant organisation and Insight offers a range of training options for managers, practitioners and employees that includes public courses, bespoke training and eLearning solutions. Our training specialists can assist you in developing an integrated training and awareness programme to ensure that the appropriate levels of knowledge are cascaded throughout all levels of your organisation in a structured, efficient and cost effective manner.

Key features

• Compliance Audits for Data Protection Act and Freedom of Information Act
• Policy Health Checks to review existing policies against legislation and industry best practice
• Training and awareness programmes to ensure staff understand their compliance obligations
• Service delivery by consultants with extensive operational experience across a broad range of public and private sector organisations.

[Figure: Our methodology for legal and regulatory compliance. The diagram links Confidentiality, Integrity and Availability with Compliance Audits, Policy Health Checks, Training and Improvement Plans, built on: Legislation (e.g. DPA, FOI, Human Rights Act, RIPA, LBPR, PACE, Computer Misuse Act, privacy regs, contract law); Policies (e.g. Data Protection, monitoring, staff handbooks, contracts); Standards (ISO 17799, ISO 9001, Infosec standards, PAS 56). Example areas shown: web page and data security and monitoring, investigations/discipline, employee and contractor contracts, unauthorised access to systems.]

Insight Consulting is the specialist security, compliance and continuity unit of Siemens Communications and offers a complete, end-to-end portfolio encompassing:

• Research
• Consultancy
• Testing
• Implementation
• Training
• Recruitment
• Managed services

Insight is BS7799 certified, is a GCat and S-Cat (Category 7) supplier and subscribes to the CESG Listed Advisor Scheme (CLAS) and CHECK services.

If you’d like to discuss how Insight could help you manage risk in your organisation, email us at or visit our web site at

Insight Consulting
Churchfield House
5 The Quintet
Churchfield Road
Walton on Thames
Surrey KT12 2TZ
United Kingdom

Tel: +44 (0)1932 241000
Fax: +44 (0)1932 244590