Security, privacy & resiliency
Every organization has operational requirements that are non-negotiable: protecting intellectual property and customer information, providing convenient and secure access to products and information, complying with regulatory mandates. Maintaining vigilance in these areas is a strategic imperative that requires a proactive approach. Reacting after the fact doesn’t work — and could well precipitate organizational crisis.
To enhance the security, privacy and resiliency of our clients organization, they need to work with trained professionals. Deloitte can help. Our security professionals can help youour clients address a full range of security issues — from identity theft, data security breaches and information leakage to cyber security and system outages. To help our clients manage their information and technology risks, we use proven methodologies and tools to deliver end-to-end solutions, including:
Bussiness continuity management
Resiliency is a critical component of successful business management. Experience shows that typically more than 50 percent of businesses without an effective resiliency plan will ultimately fail following a major disruption. The need to ensure continuity of service has never been greater due to more organizations operating 24/7 and an increasing dependence on technology to conduct business. Increasing stakeholder and regulatory expectations demand an approach that ensures equal consideration is given to managing the immediate and longer term outcomes from incidents affecting people, processes, systems or events external to the organization.
•Occupational Health & Safety audits
•Current state assessments
•Business Impact Analysis
•Operational Risk Assessments
•IT Service Continuity strategies
•Business Continuity Plans
•IT Continuity Plans
•Emergency Response Plans
•Crisis Management Plans
•Testing and Exercising
Deloitte's experience combined with the use of a robust operational resiliency framework methodology help our member firm clients create organizational resiliency, a state in which issues are identified and prevented before they arise, and prepare the client to manage the unexpected.
Our BCM Methodology is based on a BETP (Buildings, Equipment, Technology, Human Resources and Third parties) approach and is aligned to the international standard for BCM, BS25999, as well as the Business Continuity Institute's Good Practice Guidelines.
Enterprise Application Integrity
The scope and breadth of Enterprise Applications has grown to support new processes, businesses and technologies. With this progression, SAP and Oracle have developed functionality and increased integration as information is shared between parts of the organization using web-enabled solutions, portals and exchanges. This functionality has brought new business risks to information integrity. In addition, regulators and auditors are raising their expectations and now require evidence that companies have addressed these risks and that programs are in place to actively identify and resolve controls issues in an ongoing manner.
Leveraging our know-how and tools, we can help our clients meet the requirements of their regulators, auditors and internal stakeholders by addressing the following areas:
- Access Management and ERP Security (SAP, JDE, Oracle, Navision etc.) - design and implementation of the application security structure and establish access rights which support the requirements of the business. Security accelerator templates provide guidance related to role definition and applicable Segregation of Duties. This process includes security set-up, maintenance, administration and operations for all environments, as well as development, quality assurance, training and production.
- ERP-enabled business controls - design and implementation of an internal control framework that leverages a cost-effective mix of automated and manual controls embedded in the automated business processes. These controls may include internal controls over financial reporting as required by Sarbanes-Oxley and other similar regulations and potentially other operational, compliance and privacy-related controls, depending on management's requirements.
It is estimated that more than half of any company's intellectual capital, financial and employee data, is in digital format. We at Deloitte can assist our clients in creating a comprehensive approach to data privacy in conjunction with rules and regulations of leading countries while using our global framework to deliver our services.
IT Risk Assessment
IT Risk Assessment encompasses the identification of current risks and controls as well as enhancement of current controls with the help of best practices. In delivering this service, we make use of Deloitte's global best practices database and our proven methodologies and tools, this service helps to enhance current processes and mitigate major IT risks.