Local Government and IT Governance

The User Awareness and Accountability Challenge

IT Governance is of the utmost importance to any organisation, not least to Local Government, where the availability of information is fundamental to the delivery of essential public services. With the increase in legislation and the rising public awareness of information security threats, Information Governance has never been so crucial. The biggest challenge for delivering user awareness lies in managing the risks associated with making the information available to employees; how can Local Authorities ensure that information is accessible to the right people at the right time, whilst ensuring its confidentiality and integrity? User awareness is the key to the development of a culture that properly values protects and uses information for the public good.

“It is important to use technology to reinforce the security message.” SOCITM Consulting “…the task of improving information security will always be a continuing process.” Sir Gus O’Donnell, Data Handling in Government 2008 “High levels of data security must be underpinned by a culture that properly values, protects and uses information....This has to be led from the top of departments, and include all those involved in the management of and access to personal data.” Data Handling in Government “A robust and enterprise wide awareness and training programme is paramount to ensuring that people understand their IT Security responsibilities, organizational policies, and how to use and properly protect the IT resources entrusted to them.” NIST “The PEOPLE factor, not technology, is key to providing an adequate and appropriate level of security.” NIST

To date, user awareness and employee engagement campaigns have typically been conducted by email, corporate intranet or by a manual, paper based approach. All of these methods are time consuming, costly, will not stand up to scrutiny and provide inconsistent governance results.

MetaCompliance, the market leading IT GRC solution, enables Local Authorities to deliver a best practice, sustainable IT Governance awareness programme, right across the organisation. It is an uncomplicated solution that is easy to implement, straightforward to manage and allows organisations to achieve quick wins in best practice user awareness.

MetaCompliance is a tool that will deliver auditable staff communication and enables Local Authorities to deliver on a number of compliance requirements, such as CoCo, ISO 27001, Data Protection and the LGA Data Handling Guidelines.

MetaCompliance delivers a number of enhanced benefits to organisational IT Governance programmes:

• Develop, automate and maintain a continually updated programme of staff awareness raising and verifiably communicate IT Governance messages to all users, right across the organization;
• Periodically monitor and measure understanding and awareness of policies, procedures and data handling practices
• Undertake regular risk assessments to ensure the confidentiality, integrity and availability of information that ensures the automatic inclusion of new employees in the IT governance programme;
• Enforce compliance and provide evidence of due care for 3rd party suppliers and contractors;
• Automate the entire Governance lifecycle to ensure best practice, optimized IT Assurance.
• Provide users with an interactive, highly visual portal for all compliance and governance needs.

Next Steps...