APAC CIO Outlook
    Compliance in the Cloud

    Vasyl Nair, Chief Risk Officer, Mine Super & Louis Leung, Executive General Manager Group Risk and Compliance, Mine Super


    You’ve secured funding and support to launch your new cloud-based strategy with a business case, vendor short list and project plan all finalised. Well, how about understanding your compliance obligations?

    Whilst moving to the cloud has become an increasingly popular business strategy, securing compliance in the cloud can be significantly more difficult. The task of Googling a “cloud compliance checklist” is likely to surface more questions than answers. You’ll likely spend more time filtering through sales material than finding any practical guidance on the topic.

    Seek technical help

    Fortunately, you’re not alone, although the places to ask for help aren’t always obvious. Whilst larger organisations typically have in-house risk and legal teams, it may not be as easy for Chief Information Officers who don’t have access to dedicated internal resources. As a result, you may need to carefully consider the cost-benefit of hiring or appointing external technology risk professionals or compliance specialists with prior cloud experience to help you achieve your objectives.

    You may also want to consider audit firms that offer consulting services or specialised businesses such as managed security service providers. Whether you hire or outsource this capability, the key to delivering quality outcomes is ensuring you have the right mix of capabilities to understand your compliance obligations and deliver your project.

    Determine what’s important

    Once you have capabilities sourced, you’ll need to identify what your compliance obligations are. This is where investing time upfront will help you mitigate the emergence of last-minute surprises that can derail a project. You might consider:
    1. Internal policy obligations – surprisingly, internal policies are a great place to start. This is where the rest of your management team have already summarised key obligations across your business. You’ll find vital clues on where to go for more information on a wide range of topics such as privacy, vendor due diligence and technology security.

    2. Legislative obligations – consider the legal jurisdictions your business (and short list of cloud providers) operate in and whether any offshore obligations apply. At a minimum, you should be considering privacy and data retention laws in addition to any other legal domains that are relevant to your business and what’s being moved into the cloud.

    3. Regulatory guidance – are there any regulators that oversee your business and do they have a documented posture in relation to cloud-based arrangements? In Australia, licensed financial services entities must meet specific requirements set out by the local regulator for outsourcing arrangements that involve the cloud.

    4. Contractual obligations – depending on what is being moved into the cloud, you might also want to review existing contracts in place with suppliers and customers. This includes reviewing your cloud service provider to understand how your risks are being managed. For example, who will be liable when your cloud provider experiences a problem that impacts your service and causes a downstream contractual breach?

    5. Industry standards – pay attention to any certifications or assurance your business provides to suppliers and customers. Industry standards or audit requirements (such as IT General Controls) may result in additional work required to maintain compliance.

    Getting it done

    Don’t be too surprised if you end up with a laundry list of compliance-driven work that seems larger than the work set down in your original implementation plan. Your compliance checklist can serve as your obligations register. You can quickly identify recurring themes and group the obligations into key risks that affect your business. For example, you’ll likely identify availability, security, vendor, data migration and strategy as key risk themes linked to work areas.

    Once you have your compliance obligations grouped by risks, you should start considering what controls are required to manage these risks (which may include the risk of breaching compliance obligations) and how these are integrated into your overall implementation plan.

    At this stage you should also consider the need to document any contingency plans required to address how you will handle potential breaches. For example, if you had a major data breach, would your team be able to quickly map the critical path to resolution? The same logic should be applied to managing IT security incidents and general business continuity.

    Ensuring you document this end-to-end process is vital as this will help you later when you need to provide evidence to your auditors on how you’ve identified your compliance obligations, your compliance risks and how these are being effectively managed as you transition to the cloud.