Information Assurance: The User Awareness Challenge
User awareness is fundamental to Caerphilly County Borough Council’s Information Assurance objectives. The requirements for automating this area of Information Assurance was being driven by the increasing importance of data handling and data security for which a number of legislative and regulatory initiatives have been introduced including the Government Connect Standard (GCSx), PCI DSS, ISO27001 and adherence to the Data Protection Act. It was imperative that Caerphilly County Borough Council was able to ensure understanding and compliance amongst staff, elected Members and trusted third parties and provide demonstrable evidence of awareness and engagement activities.
Caerphilly County Borough Council was aware that the customary methods of employee communication, such as email and corporate intranet, would not allow them to fulfil their regulatory obligations. An enhanced, sustainable model for Information Assurance was required, one that would deliver continuous and repeatable user awareness and accountability right across the organisation. Caerphilly County Borough Council realised that in order to achieve this effectively, it required a dedicated compliance automation tool, one that would meet their very specific, best practice requirements.
The Solution - MetaCompliance: A Market Leading Information Assurance Awareness solution
Caerphilly County Borough Council‘s 10,000 strong workforce is made up of a diverse range of staff, 4,000 of whom are IT users who must be consistently included in the IT Assurance awareness programme. Alongside this, Caerphilly County Borough Council required an uncomplicated solution that would be straightforward to implement, unburdensome to manage and would allow them to achieve quick wins in user awareness and accountability across the Council.
After going to the market through a competitive and rigorous tender process, Caerphilly County Borough Council has selected MetaCompliance Advantage the market leading policy management solution, to assist in underpinning their user awareness and employee engagement requirements.
Underpinning Information Assurance in Caerphilly County Borough Council
Deploying MetaCompliance will bring a number of key benefits to the Information Assurance programme at Caerphilly County Borough Council:
All employees that have access to information, including trusted third parties and non electronic users, will be included in the Information Assurance programme.
Employee awareness is the single biggest differentiator between nominal and best practice information governance programmes, and is an essential factor in maintaining regulatory compliance and IT Assurance. Traditional methods of communication, such as email and corporate intranet, simply won’t deliver the necessary levels of awareness that are required. Organisations must look to specialist compliance automation tools to ensure that they develop an educated, vigilant workforce that properly uses, values and protects the data held within its perimeters.
Paul Lewis, Caerphilly Council’s IT Development Manager, said of the new deal, “The Council is committed to ensuring that we have robust, secure data systems and that our staff are well informed about their responsibilities in this increasingly important area of work. The MetaCompliance Advantage solution fits our requirements well and I feel confident that the software will provide wide-ranging benefits over the coming years."