Looking forward to the IRM UK EA/BPM conference in October 2020, hoping it will be in the physical world, otherwise online.
Session title: Jenga and the Art of Business Architecture
Bill Blackburn, @CafeAssociates & Matthew Bryant, Chief Information Security Officer, Monese
We will look at how organisations have benefited by taking an architectural approach to GDPR and wider information security programmes and how this has been influenced by maturity and cultural aspects.
GDPR preparation during 2017-18 was challenging for organisations seeking to embed privacy management practices and information security disciplines. The challenges arose largely from the lack of foundational building blocks. The situation has been further exacerbated by complex supply chains, with outsourced services for business processes plus tiers of hosting and support arrangements for information systems. Hardly surprising that it was difficult to provide transparency to customers and to colleagues when the people running the organisation didn’t actually know the detail.
Organisations have needed to understand and capture their processes and how information is being used and shared. This investment creates many of the elements of a business architecture and the opportunities that can provide in terms of enabling further business transformation.
Organisations have taken time and effort to put in place mechanisms to meet data privacy obligations and to respond to a range of information security threats. GDPR has provided an impetus largely through the potential enforcement actions. Similarly, high-profile cyber security incidents have resulted in reputational damage.
The session will discuss:
- The challenges encountered when implementing data protection/information security programmes and how these have been addressed
- Incorporating privacy management and information security aspects in business and technology architectures
- Organisational maturity and cultural considerations
- Case studies providing practical examples of how organisational maturity and cultural aspects need to be factored into implementation programmes