MetaCompliance Automation: Local Authorities Achieve IT Assurance in 5 steps
By Leona Harkin
June 10, 2009
Availability, integrity and confidentiality: these are the three main tenets of IT Assurance, which many organisations struggle to achieve and maintain. Traditionally, investment has been focused on end point technologies, designed to protect the perimeter and stop the bad guys getting in. But this approach simply cannot deliver IT Assurance. Firstly, ignoring the internal threat is a foolhardy approach; up to 88% of all data security incidents can be traced back to user negligence. Secondly, heavy perimeter security can often impede the availability of information required for organisations to function in a 21st-century world.
This is a particular issue for local authorities, who are tasked with delivering on the objectives of transformational government, including “collaborative, joined up services” and “best advantage and best value for the citizen, business, tax payers …..” The very nature of this initiative is the sharing of personal sensitive information. De-perimeterisation is the phrase du jour, but how can organisations protect sensitive information without the fortified perimeters of old?
Delivering User Awareness and Accountability for IT Assurance
MetaCompliance®, from Baronscourt, is helping many local authorities, such as Basildon District Council, Vale of Glamorgan Council and London Borough of Bexley, deliver an organisation-wide employee engagement programme that ensures significantly increased user awareness and user accountability. Tara Hutton, MetaCompliance® Customer Relations Manager, explains why the solution is an essential component of the information governance programme:
“Local authorities must address the issue of awareness and accountability, yes, to gain CoCo certification, but more importantly to ensure ongoing IT Assurance, without which effective eGovernment cannot be delivered. By ensuring that all employees are aware of their responsibilities with regards to information handling and will be held accountable for their actions, organisations can manage the risks of sharing information. MetaCompliance® tackles the biggest problem in IT Assurance, the people element, and delivers the ‘defence in-depth’ security approach widely favoured by industry experts.”
Working closely with customers, Baronscourt have developed the MetaCompliance® Governance Lifecycle. Based on the IT Governance Maturity Model, this 5-step process provides organisations with a framework for success in IT Assurance. This has allowed MetaCompliance® organisations to:
- Automate the key compliance tasks associated with user awareness and engagement;
- Continually measure awareness levels across the entire organisation;
- Reinforce key compliance and information governance messages;
- Validate IT Governance and Compliance activities to prove due care to third party auditors and regulators;
- Deliver user accountability and awareness;
- Effect the behavioural changes that will help evolve organisational culture into one that values and protects information;
- Sustain best practice information governance to deliver on IT Assurance objectives.
IT Assurance is the “confidence that technical systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users”.
Source: CESG.gov.uk.
It is therefore essential that Local Authorities implement an ongoing, repeatable awareness programme that allows them to mitigate and manage the very real risk presented by the employee; it is clear that email and intranet can no longer be relied upon for this.
For further information on MetaCompliance® or the MetaCompliance® Governance Lifecycle, please contact Tara Hutton on 0207 917 9527.