The availability of information is essential to the delivery of public services in Central Government; as a result IT Security Compliance has never been more important. Information security threats are taking place at a frequent rate, damaging the reputations of key governmental departments and posing a great risk to the security of national data. A startling trend which is apparent across all of these breaches, is that 95% can be credited to Human Error, proving that employees continue to pose the biggest threat to an organisations data security.
A major requirement of many IT Security frameworks such as the Data Protection Act, ISO 27001 and GSXc, and one that has been long recognised as the cornerstone of any successful information security strategy is the participation, accountability and awareness of ALL users in an organisation. This can only be achieved by engaging the user in an ongoing, interactive communication process. However, in light of the continuing data security breaches, this is something that central government is struggling to manage.
Recent data losses and thefts have underlined the need for urgent action to improve data protection right across government and to bring about a fundamental change in culture among those who are entrusted with the public's personal records.Sir Gus O’Donnell - Data Handling in Government 2008
…security of agency resources is as much a human issue as it is a technology issue.NIST Special Publication 800-50
The PEOPLE factor, not technology, is key to providing an adequate and appropriate level of security.NIST
MetaCompliance policy signup software enables Central Government to maintain the main elements of IT Assurance; integrity, confidentiality and availability, whilst diminishing the risks posed by employee data handling. The software enables the organisation to implement sustainable user engagement programmes that continually enforce and reinforce awareness of user responsibility and best practice Information Governance. This is the core requirement of all regulatory frameworks that govern data protection.
MetaCompliance provides the user with a single point of interface for all compliance responsibilities. The software can be used to enhance the existing user awareness scheme such as e-Learning, which is widely used in Governmental Departments. Central Government employees are well aware of the public exposure associated with data loss and they understand the importance of taking part in compliance initiatives. MetaCompliance allows the user to manage their compliance tasks and respond to compliance communications at a time that fits into their work schedule. A drop dead date can be set, ensuring that the communication mechanism can only be ignored for a set period of time and a response is captured from the user in a certain time frame.