Nasrhuma Inc GRC Solutions 011010
Uploaded by nasser-j-khan (category: Documents)
NASRHUMA INC.
Overview of Service Offerings
NHI Inc. nasrhuma.com Irvine.Toronto
GRC: Automated Governance, Risk, and Compliance Management
Enterprise Level: Solutions for Governance, Strategy, Enterprise Risk Management, Executive Reporting Dashboards
Function Level: Manage continuous audit of business and technology processes
Transaction Level: Prevent and approve transactions to enforce internal controls
• Design and implementation of an internal controls framework for automated controls
• Business process design for automating management of audit function processes
• Implementation of automated tools for managing audits
• Design and implementation of automated tools for enforcing preventive controls in configuration change management
• Design and implementation of tools for enforcing automated controls in application security, user provisioning, segregation of duties, and transaction processing in compliance with a multitude of regulators
• Mapping of regulations to automated controls
• Unification of internal controls frameworks in one tool
• Needs assessment, business case preparation, RFI/RFP, and vendor assessments
Information Security Program: 3rd Party, HIPAA, PCI, SOX, Privacy
GRC Maturity Roadmap
[Figure: maturity plotted against time, rising from Reactive through Proactive to Optimized]
• Compliant but at a high cost to business
• Manual control
• Ad hoc approach
• No best practices
• Risks are documented
• Manual risk assessment and reporting
• Tactical approach
• After-the-fact reporting
• Policies are enforced
• Automated process
• Unified, standardized & strategic approach
• Prevent policy violation
• Analyze and trend
• Automated risk mitigation / predictive risk assessments
• GRC objectives embedded throughout the organization
Progressive enterprises enhance profitability by understanding and managing risk intelligently. Smart growth targets and adjustment of risk appetites can be based on a realistic assessment of the capacity to take risks at all levels.
Maturity Curve Assessment: Assessment of how the enterprise fares on a risk maturity curve in relation to its industry's benchmarks.
Roadmap: Charting out a roadmap for becoming risk intelligent and profitable at a pace that is adjustable for a changing business climate.
Embedding a risk-intelligent culture: Strategies for organizational change in people and process to embed a risk-aware culture to better manage operational and reputational risks in all initiatives and programs.
ERP Security and Control
ERP Security: Design and implementation of application security for business processes, business intelligence, and interfaces in major ERP systems such as SAP, Oracle, PeopleSoft and JD Edwards.
Process Controls: Design and implementation of internal controls related to business process, application configuration controls, and software change management baselines.
Identity Integration: Integration of fine-grained authorization with externalized coarse-grained authorization at the enterprise directory level; authentication, Single Sign On, and integration of ERP applications with identity management web services.
Interface & Data Migration Controls: Design and implementation of controls to manage the risk to data integrity, completeness, and security in transmission of data between the ERP and third-party subscribing or publishing systems.
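A classic interface control for the integrity and completeness risk named above is a batch control record: the publishing system appends a record count, a hash total of the amounts and a keyed checksum to each extract, and the subscribing system refuses the batch unless all three reconcile. The following is an added example, not Nasrhuma's tooling and not code from the original page; the JSON-lines layout, the control record fields, the shared key and the journal records are constructed for illustration.

```python
"""Batch control totals for an ERP interface file (added example).

Not Nasrhuma's product. The file layout, control record and INTERFACE_KEY are
constructed; a real deployment would provision the key to both systems out of band.
"""
import hashlib
import hmac
import json

INTERFACE_KEY = b"shared-interface-key"  # constructed; shared by publisher and subscriber

# Constructed sample journal lines exported by the publishing system.
RECORDS = [
    {"journal_id": "J1", "account": "4000", "amount": 100.00},
    {"journal_id": "J2", "account": "5100", "amount": -100.00},
    {"journal_id": "J3", "account": "4000", "amount": 25.50},
]


def _dumps(obj):
    # Canonical serialization so both sides MAC exactly the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def _hash_total(records):
    # Hash total in cents: integer arithmetic avoids float drift between systems.
    return sum(int(round(r["amount"] * 100)) for r in records)


def build_batch(records, key=INTERFACE_KEY):
    """Publisher side: serialize the records and append the control record."""
    body = [_dumps(r) for r in records]
    control = {
        "type": "CONTROL",
        "record_count": len(records),
        "hash_total": _hash_total(records),
        "mac": hmac.new(key, "\n".join(body).encode(), hashlib.sha256).hexdigest(),
    }
    return "\n".join(body + [_dumps(control)]) + "\n"


def verify_batch(text, key=INTERFACE_KEY):
    """Subscriber side: (True, records) if count, hash total and MAC reconcile, else (False, reason)."""
    lines = text.rstrip("\n").split("\n")
    try:
        control = json.loads(lines[-1])
    except json.JSONDecodeError:
        return False, "unparseable control record"
    if not isinstance(control, dict) or control.get("type") != "CONTROL":
        return False, "control record missing"  # typical symptom of a truncated transfer
    body = lines[:-1]
    records = [json.loads(line) for line in body]
    if len(records) != control["record_count"]:
        return False, f"record count {len(records)} != {control['record_count']}"
    total = _hash_total(records)
    if total != control["hash_total"]:
        return False, f"hash total {total} != {control['hash_total']}"
    expected = hmac.new(key, "\n".join(body).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, control["mac"]):
        return False, "MAC mismatch"  # content changed in transit without touching the totals
    return True, records


if __name__ == "__main__":
    batch = build_batch(RECORDS)
    print(batch)
    print(verify_batch(batch))
    print(verify_batch(batch.replace("25.5", "52.5")))  # amount altered in transit
```

Count and hash total are the traditional completeness controls and catch dropped or duplicated lines; the keyed MAC is what turns the check into an integrity control, since an attacker (or a buggy middleware) can alter an account code without disturbing either total.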
Data Privacy
De-identify sensitive data: Solutions assist in enforcing controls over sensitive data by enabling organizations to de-identify, mask and transform sensitive data across the enterprise in test environments. By masking personally identifying information, the solution protects the privacy and security of confidential customer, patient, and employee data and supports compliance with privacy regulations.
Mapping of regulations to controls in systems: Mapping of the Privacy Act, GLBA, HIPAA, and PIPEDA to automated controls in systems processing sensitive data.
PIA: Conduct Privacy Impact Assessments on business systems where sensitive data is processed.
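Masking data for a test environment has three requirements the description above leaves implicit: the masked values must keep their format so the application still accepts them, the same real value must always map to the same masked value so joins across tables survive, and the mapping must be keyed so that nobody with the test copy can rebuild it from a dictionary of real names or SSNs. The following is an added example, not Nasrhuma's product and not code from the original page; the two tables, the field names, the name pools and the masking key are constructed for illustration.

```python
"""Deterministic, keyed masking of PII for test environments (added example).

Not Nasrhuma's product. CUSTOMERS and ORDERS are constructed production-style
extracts joined on customer_id; the masking key must stay out of the test environment.
"""
import hashlib
import hmac
import re

CUSTOMERS = [
    {"customer_id": "C1001", "name": "Jane Doe", "ssn": "123-45-6789", "email": "jane.doe@example.com"},
    {"customer_id": "C1002", "name": "John Roe", "ssn": "987-65-4321", "email": "jroe@example.org"},
]
ORDERS = [
    {"order_id": "O1", "customer_id": "C1001", "amount": 49.95},
    {"order_id": "O2", "customer_id": "C1002", "amount": 12.00},
    {"order_id": "O3", "customer_id": "C1001", "amount": 5.50},
]

FIRST_NAMES = ["Alex", "Sam", "Casey", "Jordan", "Taylor", "Morgan"]  # constructed pool
LAST_NAMES = ["Smith", "Lee", "Patel", "Garcia", "Nguyen", "Brown"]
SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")


def is_ssn_format(value):
    return bool(SSN_RE.fullmatch(value))


class Masker:
    def __init__(self, key):
        self.key = key

    def _digest(self, field, value):
        # Keyed per field: the same SSN and the same customer_id never share a token,
        # and without the key the mapping cannot be rebuilt from real data.
        return hmac.new(self.key, f"{field}:{value}".encode(), hashlib.sha256).digest()

    def pseudonym(self, field, value, width=6):
        """Deterministic numeric token of the given width; same input -> same output."""
        n = int.from_bytes(self._digest(field, value)[:8], "big")
        return f"{n % 10**width:0{width}d}"

    def mask_ssn(self, ssn):
        """Format-preserving: keeps the ddd-dd-dddd shape, replaces every digit."""
        if not is_ssn_format(ssn):
            raise ValueError("unexpected SSN format")
        d = self.pseudonym("ssn", ssn, width=9)
        return f"{d[:3]}-{d[3:5]}-{d[5:]}"

    def mask_name(self, name):
        """Replace with a plausible name drawn from the pools, deterministically."""
        d = self._digest("name", name)
        return f"{FIRST_NAMES[d[0] % len(FIRST_NAMES)]} {LAST_NAMES[d[1] % len(LAST_NAMES)]}"

    def mask_email(self, email):
        """Replace the local part; the domain is kept so routing rules can still be tested."""
        local, _, domain = email.partition("@")
        return f"user{self.pseudonym('email', local)}@{domain}"

    def mask_customer_id(self, cid):
        return "C" + self.pseudonym("customer_id", cid)

    def mask_tables(self, customers, orders):
        """Mask both tables with the same key so the foreign key still joins."""
        masked_customers = [
            {
                "customer_id": self.mask_customer_id(c["customer_id"]),
                "name": self.mask_name(c["name"]),
                "ssn": self.mask_ssn(c["ssn"]),
                "email": self.mask_email(c["email"]),
            }
            for c in customers
        ]
        masked_orders = [{**o, "customer_id": self.mask_customer_id(o["customer_id"])} for o in orders]
        return masked_customers, masked_orders


def referential_integrity_ok(customers, orders):
    """Every order still points at a customer present in the masked customer table."""
    ids = {c["customer_id"] for c in customers}
    return all(o["customer_id"] in ids for o in orders)


if __name__ == "__main__":
    masker = Masker(b"constructed-masking-key")
    mc, mo = masker.mask_tables(CUSTOMERS, ORDERS)
    print(mc, mo, referential_integrity_ok(mc, mo))
```

Note that masking is one-way by design: the key is needed only to produce a consistent test copy, never to recover the original, so it should live with the production-side masking job and not with the test data it produces.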
How Personal Data Is Lost
• Lost laptop or other device: 35%
• Hackers: 7%
• Inside job / malicious code: 9%
• Misplaced paper: 9%
• Lost electronic backup: 19%
• Third-party outsource breach: 21%
• International / regional responses: EU DPD, APEC Privacy Framework, Safe Harbor (EEA – U.S.)
• National: US Gramm-Leach-Bliley, Canada PIPEDA, Australian Privacy Act
• State / Provincial: California SB1, NY Security and Notification, British Columbia Bill 73
• Contracts: Clients, Partners, Vendors, Seal Programs
• Policies: Privacy Policies, Security Policies
• Industry and professional standards: AICPA/CICA