In today’s global environment, developments in technology have allowed businesses to reach a wider audience. This has brought benefits, such as increased customer base, global suppliers, economies of scale, however it has also brought significant risk, not least to Information Governance. Data, the lifeblood of every organisation, both public and private, is more at risk than ever before. Data is a valuable commodity, one which criminals can make high profits from and the loss of which can damage a business in many ways.
Many organisations have invested in technology to protect the perimeter, however as recent headlines have clearly shown, they have overlooked the single biggest threat to the Security of Information, People.
The majority of major data breaches that have occurred over the past 18 months can be directly attributed to employee behaviour, an inability to follow policies and procedures that has had catastrophic results; millions of personal records being compromised, a plethora of government investigations, heavy fines and sanctions, continuous media coverage and reputational damage.
Your employees are at the root of effective Information Governance, and without making them aware of their responsibilities with regards to the guardianship of data, you are placing your business at increased risk of a data breach. The UK Information Commissioner, Richard Thomas, sets out a model for Information Governance which places employees at the core of information security.
All major regulatory frameworks, such as ISO 27001 and PCI DSS stipulate that ALL users must be included in IT Compliance initiatives. Organisations must ensure that employees read and understand policies and procedures relating to IT Security, and be able to evidence this in order to achieve compliance. This is an impossible task without the help of automation.
The MetaCompliance unique self certification technology places the responsibility for the security of information directly at the feet of the employee, where it belongs. MetaCompliance Survey and Risk Assessment allows organisations to measure the IT Security posture in real time, and test user understanding of mandated policies and procedures. MetaCompliance reporting provides the detailed information required to put in place effective remediation that will help improve the IT Security posture and bring the organisation in line with IT compliance.