Eric Feron
- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 05-11-2020 12:06 PM
Business are adapting to a very new situation in order to continue performing. For example, many encourage employees to work from home. These new measures themselves create new business risks. Will your VPN cope?
Scott Ferguson, Director of Product Management (Risk) at ServiceNow, explains how to use GRC to manage these new risks. And there is more than simply being reactive. Check out the video and the slides.
00:01 Introductions
00:45 COVID-19 pushed a lot of people to suddenly work from home. This creates new risks for your business. Loss of productivity? Where are the company's laptops? Will confidential information be printed out and discarded? Etc.
3:20 A simple framework to handle these new risks with GRC.
3:52 Start with the Control Objective.
4:50 Then create the right Entities (in this example, every Department is an Entity).
5:25 And now the Controls to be assigned to all Department Heads. IT-related of course, but also HR-related, like checking on proper work-life balance. etc.
6:45 Set up the Control Indicators. Indicator Template for each Control.
8:19 Then Test all the Controls, no need to wait for the Audit.
9:18 Do not bite more than you can chew: start with the most important items, prioritize and iterate.
10:10 From fire fighting to preparedness: Business Continuity Plans.
12:39 What you should do right now: take a look at your Entities and Controls, and prioritize, educate yourself with the tutorials, start thinking of Business Continuity Plans, engage in the GRC forums.
14:19 Conclusion.
Download the PDF slides below.
- 475 Views
