Why Successful Compliance Programs Prioritize Business Value
Target Business Outcomes Above All Other Considerations, Says Wipro's John Hermans
For governance, risk and compliance projects to be successful, they must focus on delivering business value above all else, said John Hermans, head of Europe cybersecurity and risk services at Wipro.
"Being compliant is not just something you're doing for the auditor," he said. If it was, it would be a checkbox exercise that might not deliver any business value. That's why, he said, organizations must never stop asking: How will this program deliver business value?
Successful programs focus on protecting customer data, ensuring online services remain up and running, and maintaining effective disaster recovery and cyber resilience capabilities, he said. "The real importance of being compliant and doing that in a very effective and efficient manner is to safeguard the interests of all stakeholders of your organization - customers, employees, board members and regulators," Hermans said.
In this video interview with Information Security Media Group, Hermans also discussed:
- How an organization can best match its continuous compliance strategies to its business environment;
- Best practices for integrating this approach into the organization's culture and security hygiene;
- Specific, concrete deliverables that organizations can expect to achieve with a GRC program.
Hermans is a cybersecurity and compliance expert who serves as a member of Wipro's European leadership team and a part of Wipro's global cybersecurity leadership team. He has 30 years of GRC and cybersecurity experience working with organizations in numerous industries, including financial services, energy, telecommunications, retail and government. He previously served as a partner at KPMG, heading its EMEA cybersecurity services.