eGRC Strategy and Collaboration Key to Meeting Privacy and Risk Challenges



New Ponemon Research Finds Only 20 per cent of Organizations Have an
Enterprise-Wide eGRC Strategy, 28 per cent Cite Lack of Collaboration
among eGRC Domains

News Summary
* New research highlights challenges organizations face meeting eGRC
objectives
* Lack of eGRC strategy and enterprise collaboration largest barriers
to achieving eGRC goals
* Nearly 90 per cent of respondents believe enabling technologies are
essential to meeting eGRC objectives

HOPKINTON, Mass. – May 25, 2011 – EMC Corporation (NYSE:EMC), the
world leader in information infrastructure solutions, and the Ponemon
Institute, LLC – a leader in privacy, data protection and information
security research – today released a study
(http://www.emc.com/collateral/about/news/ponemon-report-egrc.pdf) that
explores the most immediate issues global organizations face in meeting
privacy and risk challenges. Respondents representing global financial
services, technology, healthcare and pharmaceutical industries
identified the largest barriers to meeting these challenges as lack of a
defined enterprise governance, risk and compliance (eGRC) strategy and
lack of enterprise cooperation and collaboration.

Lack of Common eGRC Strategy

Surveying an active group of more than six thousand eGRC practitioners,
the Ponemon study reveals that eGRC continues to emerge as a top C-Suite
priority, yet only 20 per cent of organizations have a clearly defined
eGRC strategy that pertains to the entire enterprise, and 33 per cent
admit they have no eGRC strategy at all.

“Taking an enterprise-wide approach to governance, risk and
compliance by managing information and what that means for all elements
of the organization – IT, legal, human resources and all the requisite
facets – is no longer a choice, it’s a strategic imperative,” said
Tom Roloff, Chief Operating Officer for EMC Consulting. “It is only
through a multi-faceted and integrated view of information sources and
requisite policies that organizations can satisfy the growing
requirements of corporate boards and regulatory agencies for an
integrated, centralized risk and compliance strategy.”

Lack of Collaboration

The study also found that while eGRC responsibilities are rapidly
spreading from the IT epicenter out to the operations, finance and legal
domains, collaboration among and between these critical areas is lagging
behind. Only 28 per cent of respondents report that their organizations
enjoy frequent collaboration or cooperation among eGRC domains and 12
per cent admit their eGRC functions still operate in silos.

Just how distributed have eGRC activities become? The Ponemon report
uncovers that while governance activities are still most likely located
in IT, risk management activities are usually managed within the
associated domain. Similarly, compliance activities typically reside in
their own corporate compliance function while privacy and data
protection management is most likely to be located in the legal
department. When it comes to ranking the importance of these fundamental
eGRC activities, risk management takes first place at 32 per cent,
followed by compliance at 27 per cent, governance at 22 per cent and
privacy and data protection at 20 per cent.

“Silos are the enemy of an effective eGRC program,” said Dr. Larry
Ponemon, Chairman and Founder, Ponemon Institute for Privacy Research.
“These departments deal with related information and business
processes around policies, business processes and multiple regulations.
Unfortunately, they are not talking to each other which results in a
great deal of waste and inconsistency. Without collaboration across
functions the business is at risk.”

Privacy Emerges as eGRC Collaboration Flashpoint

Regardless of their industry, all organizations report that managing
privacy regulations by geography and in accordance with country or state
laws is a driving factor in their organization’s move to an integrated
program that supports IT, Legal, Operations and Finance. Respondents
identified their top two privacy challenges as 1) ensuring data shared
with third parties will remain safe and secure and 2) complying with all
appropriate regulations.

“Privacy and data protection is a particularly pressing issue,”
said Dr. Ponemon. “Today these essential privacy management
responsibilities are typically split between the legal and IT functions.
While the legal department plays a dominant privacy role overall, IT
still holds accountability for implementing controls to address privacy
regulations. So you can see why the IT and legal teams need to speak the
same language and collaborate like never before to reduce enterprise
risks.”

Collaboration at Work

“This research highlights collaboration as both a critical need and a
growing exposure point in complex organizations,” said Dan Burks,
Chief Privacy Officer and Director of Vendor Risk Management of US Bank.
“Organizations that get people to talk together about eGRC and
collaborate help ensure their program’s success. Developing risk
‘ambassadors’ within each business line has been an enabling
factor for collaboration within our organization.”

“Policy management, incident response, and compliance monitoring are
critical for highly regulated and litigious industries, but frequently
organizations outside these industries ignore day-to-day business risks,
including using e-mail for communications and employee litigations,”
said Jeff Bettencourt, General Manager, Information Governance
Solutions, EMC. “Organizations that truly understand the critical
dependencies across domains and can align policies, processes, and
technologies, gain greater visibility and control to more effectively
manage risk across the enterprise. This can be a key competitive
advantage.”

Looking ahead, nearly 90 per cent of respondents believe enabling
technologies are essential or very important to achieving eGRC
objectives. The applications that are most likely to be deployed to
facilitate eGRC-related activities include risk assessment (81 per
cent), policy management (75 per cent), controls assessment (73 per
cent), incident response and management (68 per cent), and compliance
monitoring (63 per cent).

About EMC’s eGRC Portfolio

The EMC eGRC portfolio of technology, business solutions and
professional services provides an integrated solution to help
organizations manage risk and compliance requirements across the
enterprise on a consistent, ongoing basis. To learn more about the EMC
eGRC portfolio visit www.emc.com/egrc or attend an Active eGRC Seminar
at a city near you www.emc.com/egrcseminar.

About the Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible
information and privacy management practices in business and government.
To achieve this objective, the Institute conducts independent research,
educates leaders from the private and public sectors and verifies the
privacy and data protection practices of organizations in a variety of
industries.

About EMC

EMC Corporation (NYSE: EMC) is the world’s leading developer and
provider of information infrastructure technology and solutions that
enable organizations of all sizes to transform the way they compete and
create value from their information. Information about EMC’s products
and services can be found at www.EMC.com.

EMC Canada (www.EMC2.ca), headquartered in Toronto with nine offices
from coast to coast, is a wholly owned subsidiary of EMC Corporation.

- 30 -

For more information contact:
Mike Martin/Michelle Chang
StrategicAmpersand
416-961-5595
mike@stratamp.com
michelle@stratamp.com


EMC, RSA and RSA Archer are registered trademarks of EMC Corporation in
the United States and/or other countries. All other product and company
names herein may be trademarks of their respective owners.

