Nasrhuma Inc Technology Risk Management Solutions 06152010

Technology Risk Governance, Risk, and Compliance Solutions NH Inc. nasrhuma.com Irvine.Toronto [email protected] Irvine 949.551.6080 Toronto 647.829.6850 NH Inc. Overview of Service Offerings


Page 1: Nasrhuma Inc Technology Risk Management Solutions 06152010

Technology Risk Governance, Risk, and Compliance Solutions

NH Inc. nasrhuma.com [email protected]

Irvine 949.551.6080

Toronto 647.829.6850

NH Inc.

Overview of Service Offerings

Page 2: Nasrhuma Inc Technology Risk Management Solutions 06152010

GRC: Automated Governance, Risk, and Compliance Management

Enterprise Level: Solutions for Governance, Strategy, Enterprise Risk Management, Executive Reporting Dashboards

Function Level: Manage continuous audit of business and technology processes

Transaction Level: Prevent and approve transactions to enforce internal controls

• Design and implementation of internal controls framework for automated controls

• Business process design for automating management of audit function processes

• Implementation of automated tools for managing audits

• Design and implementation of automated tools for enforcing preventive controls in configuration change management

• Design and implementation of tools for enforcing continuous monitoring controls in application security, user provisioning, segregation of duties, and transaction processing in compliance with a multitude of regulators

• Mapping of regulations to automated controls

• Unification of internal controls frameworks in one tool

• Needs assessment, business case preparation, RFI/RFP, and vendor assessments

Information Security, 3rd Party, HIPAA, PCI, SOX, Privacy Program


Page 3: Nasrhuma Inc Technology Risk Management Solutions 06152010

Progressive enterprises enhance profitability by understanding and managing risk intelligently and creating strategies that move them up the GRC Maturity Curve continuously. Smart growth targets and adjustment of risk appetites can be based on realistic assessment of capacities to take risks at all levels.

Maturity Curve Assessment: Assessment of how the enterprise fares on a risk maturity curve in relation to its industry’s benchmarks.

Roadmap: Charting out a roadmap for becoming risk intelligent and profitable at a pace that is adjustable for a changing business climate.

Embedding risk intelligent culture: Strategies for organizational change in people and process to embed a risk-aware culture to better manage operational and reputational risks in all initiatives and programs.

GRC Strategy

[Figure: GRC maturity curve. Axes: Time, Maturity. Stages: Reactive, Proactive, Optimized.]

• Compliant but at a high cost to business

• Manual control

• Ad hoc approach

• No best practices

• Risks are documented

• Manual risk assessment and reporting

• Tactical approach

• After-the-fact reporting

• Policies are enforced

• Automated Process

• Unified, standardized & strategic approach

• Prevent policy violation

• Analyze and trend

• Automated risk mitigation / Predictive risk assessments

• GRC objectives embedded throughout the organization


Page 4: Nasrhuma Inc Technology Risk Management Solutions 06152010

ERP Security and Control

ERP Security: Design and implementation of application security for business processes, business intelligence, and interfaces in major ERP systems such as SAP, Oracle, PeopleSoft and JD Edwards.

Process Controls: Design and implementation of internal controls related to business process, application configuration controls, and software change management baselines.

Identity Integration: Integration of fine-grained authorization with externalized coarse-grained authorization on enterprise directory level. Authentication, Single Sign On, and integration of ERP applications with identity management web services.

Interface & Data Migration Controls: Design and implementation of controls to manage the risk to data integrity, completeness, and security in transmission of data between ERP and third party subscribing or publishing systems.


Page 5: Nasrhuma Inc Technology Risk Management Solutions 06152010

Data Privacy

De-identify sensitive data

• Solutions assist in enforcing controls over sensitive data by enabling organizations to de-identify, mask and transform sensitive data across the enterprise in test environments

• By masking personally-identifying information, the solution protects the privacy and security of confidential customer, patient, and employee data to demonstrate and support compliance with privacy regulations

Mapping of Regulations to controls in systems: Mapping of Privacy Act, GLBA, HIPAA, and PIPEDA to automated controls in systems processing sensitive data.

PIA: Conduct Privacy Impact Assessments on business systems where sensitive data is processed.

How Personal Data Is Lost

• Lost Laptop or other device: 35%

• Third Party Outsource Breach: 21%

• Lost Electronic Backup: 19%

• Inside Job/Malicious Code: 9%

• Misplaced Paper: 9%

• Hackers: 7%

International regional responses: EU DPD, APEC Privacy Framework, Safe Harbor (EEA – U.S.)

National: US Gramm-Leach-Bliley, Canada PIPEDA, Australian Privacy Act

State/Provincial: California SB1, NY Security and Notification, British Columbia Bill 73

Contracts: Clients, Partners, Vendors

Seal Programs

Policies: Privacy Policies, Security Policies

Industry and professional standards: AICPA/CICA
