Embed Size (px)
DESCRIPTION
Acceptable Use and GRC provision in UK Legal Firms
Citation preview
Acceptable Use PoliciesBalancing Productivity and Compliance
“Employees expect personal internet access at work. This raises security, productivity, HR, compliance, bandwidth and legal issues which cross multiple departmental boundaries”
“Organizations need to create, implement and monitor an Acceptable Use Policy (AUP) which governs the use of company infrastructure and which is backed up by both effective tools, regular monitoring and comprehensive training”
“This presentation discusses some of the background issues that affect the management of a balanced AUP which employees understand and works with Risk Based Regulation” Knowledgeframe
e-safe business
Mobile Phone
Social Networking
Web Conferencing
Instant Messaging
ProfessionalServices
Firm
VOIP
As society becomes increasingly connected so professional service firms have to adapt to, and take advantage of, the business benefits of online communication, connectivity and collaboration.
Acceptable Use PoliciesBalancing Productivity and Compliance
This change is accelerating, its scope is broadening and its impact is global.
Competition is fierce and recruitment is increasingly difficult
Regulatory pressures are escalating
Clients are more demanding
Acceptable Use PoliciesBalancing Productivity and Compliance
Society is hooked on all-pervasive, always-on connectivity. The boundaries between work, social and leisure time are becoming nonexistent.
Web Conferencing
Social Networking
PDAs
Internet
Mobile Phone
VOIP
I.M.
The Organization
For most of us, not having online access would severely impact our productivity.
For a growing percentage, full time, instant, multi-device connectivity is mission critical.
Connectedness
Connectedness provides a huge competitive advantage particularly if governed by an ITC Acceptable Use Policy which is integrated into its business vision and strategy.
The Organization
At the same time workplace demographics are changing
Existing staff members are being replaced by a new generation of knowledge workers
Connectedness
They have never known a world without the internet, Google, Facebook, YouTube, text messaging and camera phones, they are naturally collaborative and connected.
60%
The Organization
At the same time workplace demographics are changing
In order to compete for this valuable talent base every organization has to offer an always on, connected, collaborative environment
Connectedness
It has to support the way in which the “everyone, everything, everywhere, connected” generation, live and work.
10%
5%
60%
25%VOIP
Web ConferencingText Messaging
60% use social networking sitesat work
In today's environment workers use social networking sites and online communities for business communications
Whilst no one doubts that connectivity, communication and collaboration tools dramatically increase knowledge worker productivity there is the realisation that these same tools increase business risks for the employer.
Manage the behaviour of users
These changes will have a profound effect not only will you have to understand and manage these new connectivity tools but also:
balance security and network reliability
These changes will have a profound effect on firms, not only will they have to understand and manage these new connectivity tools but they will have to:
Manage the behaviour of users
Maintain employee productivity and safety
These changes will have a profound effect on firms, not only will they have to understand and manage these new connectivity tools but they will have to:
balance security and network reliability
Manage the behaviour of users
Ensure compliancewith regulatory rules and guidelines.
These changes will have a profound effect on firms, not only will they have to understand and manage these new connectivity tools but they will have to:
Maintain employee productivity and safety
balance security and network reliability
Manage the behaviour of users
The risks fall into two main categories:
• Reputational Damage
for example, the loss of client data, IP contravention,breach of data protection law, negative tweets & blogs
• HR Issues
In particular the employees’ right to work within a secure, regulated and protected online environmenttogether with developing policies and strategies which help connected employees maintain a work/life balance.
“Organizations need to develop a strategy, driven by the business needs of the practice which balances increased regulation, enhanced security and improved productivity with the social and work needs of permanently
connected employees. ”
LexcelV4
LexcelV4
SRASRA
Both Lexcel V4 and Risk Based Regulation from the SRA impose additional monitoring and reporting burdens on law firms.
LexcelV4
LexcelV4
RegulatoryBurden
RegulatoryBurden
SRASRA
Both Lexcel V4 and Risk Based Regulation from the SRA impose additional monitoring and reporting burdens on law firms.
InternalInternal
RegulatoryCost
RegulatoryCost
RegulatoryBurden
RegulatoryBurden
ExternalExternal
Both internal governance and exterior regulation impose additional monitoring and reporting burdens .
Regulation in particular appears to be moving away from the “yearly snapshot” approach to a continuous monitoring model with a form of credit scoring applied in real time.
This impacts costs and possibly even ability to attract clients and recruit talent.There is, therefore, a direct link between a clearly written Acceptable Use Policy, continuous compliance monitoring and profit.
Being compliant is a business imperative.
However monitoring and managing ongoing compliance together with reporting to regulators has the potential to take up valuable management time.
e-safe business reconciles Acceptable Use with Lexcel V4 and Risk Based Regulation to provide a largely automated monitoring, managing and reporting environment which addresses the issues facing growing law firms adapting to the new regulatory environment.
AUPE-safe
Monitoring&
Reporting
• Strategic Risks• Operational Risks• Regulatory Risks
• Business
Management• Equality &
Diversity• Risk Based
Regulation
• Client Confidentiality • Data Security• Avoiding discrimination
e-safe business reconciles the Acceptable Use Policy with Risk Based Regulation to provide a largely automated monitoring, managing and reporting environment which addresses the issues faced in addressing the ever expanding regulatory environment.
Lexcel/LSC/SRA
AUPE-safe
Monitoring&
Reporting
01.Lexcel V4• Strategic Risks• Operational Risks• Regulatory Risks
Lexcel V44A.4 e-mail policy4A-5 website use4A.6 internet use
There is overlap between Lexcel, LSC and SRA rules and guidelines.
e-safe business from eSafe Systems
Lexcel/LSC/SRA
AUPE-safe
Monitoring&
Reporting
01.Lexcel V4• Strategic Risks• Operational Risks• Regulatory Risks
02.SRA• Business
Management• Equality & Diversity• Risk Based
Regulation
Lexcel V44A.4 e-mail policy4A-5 website use4A.6 internet use
SRA Rule 5.01(1)gRule 5.01(1)hRule 5.01(1)i
There is overlap between Lexcel, LSC and SRA rules and guidelines.
The Acceptable Use Policy and e-safe business, work together to manage this relationship.
e-safe business from eSafe Systems
Lexcel/LSC/SRA
AUPE-safe
Monitoring&
Reporting
01.Lexcel V4• Strategic Risks• Operational Risks• Regulatory Risks
02.SRA• Business
Management• Equality & Diversity• Risk Based
Regulation
03.LSC• Client Confidentiality • Data Security• Avoiding discrimination
Lexcel V44A.4 e-mail policy4A-5 website use4A.6 internet use
SRA Rule 5.01(1)gRule 5.01(1)hRule 5.01(1)i
LSC Rule 3Rule 8Rule 9
e-safe business from eSafe Systems
E-safe business improves productivity, reduces risk and improves security by modifying user behaviour.
E-safe business improves productivity, reduces risk and improves security by modifying user behaviour.
User Monitoring – The User Monitoring Module monitors all information displayed on the workstation screen, within a Windows environment including:
• Applications• Chat• Internet Browsing• Email• Instant Messaging • The Operating System
E-safe business improves productivity, reduces risk and improves security by modifying user behaviour.
Activity is compared with built in “Threat Libraries” which look for:
• Cyber bullying, • Cyber slacking, • Predatory behaviour, • Drugs, • Race, • Hatred, • Sex, • Dating, • Hacking, • Bypassing firewalls & proxy avoidance,• Propaganda, • IP theft & copyright infringement.
E-safe business improves productivity, reduces risk and improves security by modifying user behaviour.
Image Control – Image Control intercepts images, before they are displayed on-screen and determines the images acceptability for display.
This provides the greatest protection from accidental or deliberate access to inappropriate images.
Image control can also block images introduced onto the network via USB or email.
E-safe business improves productivity, reduces risk and improves security by modifying user behaviour.
USB Device Management – USB device management controls the use of: • memory sticks, • digital cameras, • MP3 players and • mobile phones
whenever an attempt is made to connect them to the network helping to prevent data theft and the introduction of viruses, worms and Trojans.
e-safe business improves productivity, reduces risk and improves security by modifying user behaviour.
Training – Deploying e-safe is not, in itself, sufficient to provide the level of control or changes in behaviour necessary to ensure your AUP is adhered to and ongoing regulatory compliance maintained and improved.
It’s important that everyone in the organisation understands the reasons why e-safe business has been deployed and how non compliance with rules impacts reputation, costs and profit.
e-safe provides comprehensive training showing how to introduce e-safe business and configure it to provide the level of protection you need.
e-safe business can be installed onto your network
Or provided as a managed service from our UK based servers with fully qualified and accredited support
