Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Google

    HP

    IBM

    Intel

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • DevOps
    • Automotive
    • FinTech
    • Robotics
    • SAP
    • Amazon
    • Big Data
    • Education
    • HPC
    • Simulation
    • CISCO
    • Web Development
    • AI
    • EPM
    • ERP
    • Project Management
    • Salesforce
    • Sports
    • Travel and Hospitality
    • Unified Communication
    • IT Services
    More
    HPC Simulation CISCO Web Development AI EPM ERP Project Management Salesforce Sports Travel and Hospitality Unified Communication IT Services
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    right

    Intersection of Compliance with IT in Business

    By Jane A. Levine, SVP, Worldwide Director of Compliance and Business Integrity, Sotheby’s

    Tweet
    content-image

    Jane A. Levine, SVP, Worldwide Director of Compliance and Business Integrity, Sotheby’s

    As the chief compliance counsel for Sotheby’s, the international art auction house whose business stretched back centuries before the digital age, I am often asked what are some of the compliance challenges in my role and how do I approach them.  One lesson applicable across multiple compliance environments, with technology being no exception, is that even small incidents or accidents can have significant consequences legally, financially and reputationally, making strong compliance a business necessity.

    Sotheby’s business is global and fast paced, thus we face similar challenges relating to compliance technology as many other companies around the world.  With the increasing prevalence of cyber data breaches and other data loss events, has come increased awareness among both regulators and consumers of the importance of information security and data protection.  Sotheby’s uses a best practice information security strategy, which can be best described as a defense-in-depth methodology.  This simply means that our security precautions are implemented as a series of layers (physical/infrastructure/application) to provide multiple barriers that must be breached before there is a loss of information.  This strategy is tested on a regular basis through internal and external audits.  

    To further mitigate the chances of a breach or incident, Sotheby’s maintains compliance policies and procedures that govern data collection, storage, maintenance, destruction, sharing with third parties, and security. We further undertake regular risk assessments to reevaluate our procedures and in anticipation of and in reaction to new developments.  Sotheby’s has a dedicated compliance team that monitors changes to laws and regulation worldwide and to see that our cyber security policies are up to date and reflect current best practices. 

    “Sotheby’s maintains compliance policies and procedures that govern data collection, storage, maintenance, destruction, sharing with third parties, and security”

    Another factor contributing to the success and effectiveness of Sotheby’s cyber compliance program is that the compliance team works closely with the IT team and our chief technology officer to formulate and set standards governing, among other things, the safe use of mobile devices for business purposes, data access controls, and confidentiality.  In addition to maintaining detailed and robust policies setting forth our information security practices and procedures, Sotheby’s compliance team delivers regular, relevant targeted training to all staff, management and the Board of Directors on these subjects. 

    We conduct live training sessions in which we reinforce the message that cybersecurity is important to our clients, shareholders and our company, and we address specific practices and behaviors that we expect staff to abide by in order to protect the data we hold.  For instance, we not only review our incident response plan with relevant managers and staff, but we have also conducted “table top” exercises where we have worked through how we would handle a breach.  This type of training and education is in place to enhance our preparedness to swiftly act and to contain a cyber-breach event should one occur. In addition to taking appropriate precautions with, documents and verbal communications and with the art work and other extraordinary objects that Sotheby’s handles on a daily basis, we stress the need to apply special care to digital and electronic communications taking place over the internet and voicemail. When using Sotheby’s technology, or when using personally owned technological devices for Sotheby’s business, Sotheby’s requires staff to adhere to our password requirements and rules prohibiting unauthorized downloading of applications or email attachments. 

    On those occasions when Sotheby’s works with third parties, we take steps to conduct due diligence into their technology security practices, and to secure enforceable representations that there will be ongoing security maintained.  We expect any third party to apply equally stringent cyber-security standards as we do.

    The use of technological social media has brought another sea change in behavior in the last decade.  At Sotheby’s, we encourage our employees to participate responsibly on Social Media channels, and to be responsible in the use of online tools in a way that is consistent with all Sotheby’s policies. Regardless of where staff accesses the Internet via Sotheby’s systems or on personal computers, the obligation to protect all confidential information about clients, the Company, and employees must be respected. 

    At Sotheby’s the Compliance and Business Integrity Department also works hand in glove with our IT Department to coordinate our approach to technology and compliance, as we recognize that it takes both strong IT systems and a strong culture of compliance to create a business environment that is protected from cyber and data loss threats.

    Read Also

    How GDPR can open opportunities for APAC businesses

    How GDPR can open opportunities for APAC businesses
    Keeping Pace with Technology

    Keeping Pace with Technology
    Adventures In Sourcing Compliance And Risk Systems

    Adventures In Sourcing Compliance And Risk Systems
    Customer Data: The New Compliance Frontier

    Customer Data: The New Compliance Frontier
    Top 25 Compliance Solution Providers - 2018

    Top 25 Compliance Solution Providers - 2018

     Top 25 Compliance Solution Providers - 2017

    Top 25 Compliance Solution Providers - 2017

     25 Most Promising Compliance Solution Providers

    25 Most Promising Compliance Solution Providers

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    Compliance Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/intersection-of-compliance-with-it-in-business-nwid-785.html