University of the Arts London, established in 2004, is Europe’s largest specialist arts, design, and communication university. Comprised of six Colleges, it has a growing international reputation in the areas of arts, design, fashion, communication and performing arts. The university has around 19,000 students from over 100 countries, and employs more than 3,500 staff. Additionally, it offers many short courses, attended by more than 20,000 students each year.
The proper management of the personal data of all those connected to the university, therefore, is a huge concern and a fundamental responsibility of all those employed by the university. The importance of nurturing a first-class compliance culture is something that the university IT services department identified as a top priority for all those working at every level of the organisation.
Jim Nottingham, Chief Information Officer and Director of University IT Services, spelled out the size of the task at hand: “As the largest specialist Arts and Design university in Europe, the security of the information we deal with is of the utmost importance. In line with industry-standard best practice, and advised by the ICO, we decided to put in place a policy management solution that would allow us to improve user awareness of acceptable information management behaviour, whilst also capturing the audit reports necessary to measure the University’s level of policy compliance.”
After assessing the range of options available to them, University of Arts London decided that MetaCompliance software would be an ideal investment. As Jim Nottingham commented, “After exploring the market we decided to invest in the G-Cloud approved MetaCompliance solution.”
The Metacompliance Advantage suite covers all stages of the governance lifecycle. It provides the enforcement functionality to underpin staff participation and awareness. It is the very centre of the Metacompliance mantra of “Engage, Educate, and Enforce”.
Jim Nottingham is quick to recognize this uniqueness of the Advantage Suite: “The MetaCompliance product will allow us to manage, enforce, and sustain our entire information governance lifecycle and develop an educated, vigilant workforce that properly uses, values, and protects the information held within our perimeters.”
The benefits for an organisation that operates at the scale at which the University of Arts London operates are clear. The unique self-certification technology contained within MetaCompliance’s Advantage suite guarantees 100% user participation in Compliance and Information Governance initiatives. The automation capabilities of the software was a huge attraction for the University of Arts London, as Jim Nottingham reveals: “The Metacompliance suite automates and manages the key tasks associated with user awareness and engagement in order to ensure careful management of all information. This includes including risk assessment, the measurement of organisation wide IT security posture, and policy management.”
The key to protecting any organisation from compliance and information security problems is the participation of all users, at every level of an organisation, in on-going initiatives that mitigate the risk of incidents and compliance failure. Moreover Advantage addresses the growing problem of demonstrating compliance with legislative requirements and proving due care to third party auditors and regulators. Advantage counters this by enabling governance stakeholders to initiate long-term compliance strategies that automate those processes that are typically prone to human error. The reporting capability of the software allows problem users, departments or regions to be easily and quickly identified in the Advantage Governance dashboard.
Jim Nottingham has the final word on the investment of the University of Arts London in MetaCompliance: “With MetaCompliance we will now be able to evidence that we have developed and communicated policies and training to staff and that these key policies have been fully understood.”
MetaCompliance has a clear vision of making Compliance and IT Security easier for organisations. The software can ensure the active participation of all staff in compliance initiatives such as policies, eLearning, and surveys, thus mitigating the risk of compliance incident and the associated fines. The software can be used to demonstrate that staff understand compliance obligations by being tested with questions. The ability to deliver increased user participation in compliance and IT Security campaigns provides the necessary audit information to generate reports that demonstrate the organisation’s “duty of care” to Regulators.