Local Authorities raise awareness of CoCo with MetaCompliance Advantage

By Tara Hutton

April 7, 2009

The March deadline for the Government Connect Code of Connection has come and gone, with slightly over 50% of local authorities having reached compliance with the CoCo Standard, and the remainder on target for the final September deadline.  However, with recent continued investigation into improper access of the Department of Works and Pensions database, the question is being asked, is delivering on user awareness an impossible task for the public sector?

The dual issues of user awareness and user accountability have plagued public sector IT Security over the past 18 months.  In light of this fact, ensuring that users are fully aware of their responsibilities with regards to the handling of sensitive information is a core component of compliance with the Government Connect Code of Connection framework.   Over 140,000 central and local government employees have access to the DWP database, and policing this vast amount of users continues to be a problem for all organisations involved, as illustrated by the investigation of 14 instances of improper access of the database in the latter part of 2008.

Leading IT GRC company, Baronscourt, offer a solution to the problem of user awareness in government organisations, in the form of MetaCompliance Advantage, the newest addition to the MetaCompliance suite of information security solutions.  Baronscourt UK Country Manager, Anna Kelpie, has been working closely with the Local Authority sector in implementing effective user engagement programmes that enable organisations to increase user awareness and accountability, and achieve compliance with the CoCo standard.  She gives us her view on the main issues facing local authorities in dealing with user awareness and accountability, and how MetaCompliance Advantage is helping organisations tackle these issues:
 

• Ensuring 100% participation in compliance initiatives – This is a challenge for most organisations, particularly central and local government.  However this is one of the key success factors in a best practice information governance environment.  Automating compliance communications with MetaCompliance self certification allows organisations to effectively engage all employees, and increase user awareness and accountability significantly over a short period of time;

• Demonstrating due care to auditors and regulators - Providing the evidentiary weight required to prove compliance on an ongoing basis is problematic, a time consuming task.  MetaCompliance secure audit and reporting allows organisations to prove the effectiveness of their compliance activities in real time, on an ongoing basis, with minimal time or effort;

• The ongoing measurement of IT Security posture - it is incredibly important to provide a starting point, a baseline, from which organisations can assess and review the effectiveness of their compliance activities.  But where do you start, and how can organisations get a complete measurement using elective methods such as email, intranet or manual documents? The sophisticated surveying and risk assessment functionality of MetaCompliance Advantage has allowed organisations to automate this process, ensuring the participation of all users,  and providing real time data against which to benchmark the compliance lifecycle;
  

• Changing Organisational Culture - Various governmental reviews on data handling in the public sector have pointed to the lack of an IT Security culture, a lack of awareness among staff as the main threat to data security.  Increasing awareness and accountability has been proven to have a positive effect on data security, but public sector compliance and governance professionals continually ask how they can effect cultural change in organisations with thousands of users and ingrained processes and norms.  Automating IT Security and compliance processes with MetaCompliance replaces the human error and fatigue associated with repetitive compliance problems, guarantees the participation of all users, and transforms organisational culture into  one of a mature, best practice governance environment. 
  

MetaCompliance Advantage automates the key compliance issues associated with user awareness and engagement, enabling governance stakeholders to initiate a long term compliance strategy that ensures the continual measurement and control of user awareness over time. Baronscourt will be in attendance at the upcoming InfoSecurity Europe Exhibition in April.  If you would like further information on MetaCompliance Advantage or any products in the MetaCompliance suite, please visit us at stand K92, or call 0207 917 9527 to arrange a short demonstration.  

More...

Next Steps...