måndag 3 oktober 2016

The Age of Regulation


'Tis the most wonderful time, of the year .. - but no, for those of you who assumed this post would be about Christmas preparations due to the Andy Williams classic reference, I have to let you down.

Instead, it's the time of the year when many of us stay up late into the night, racking our brains to establish the background for and specifics of the budget proposal for next year!

Nothing wrong with that - financial planning tends to weed out the 'nice-to-haves' from the mandatory initiatives and investments - and that is in part what this post is about.

"Failing to plan is planning to fail" (Alan Lakein) and 2017-2018 will see some major changes in the IT landscape for a lot of companies and businesses.

What are the major upcoming events on the horizon important to note already at this stage?

From a platform point of view, it's inevitable to highlight Windows 10.  If you and your organization aren't there already, it’s time to seriously consider tackling this change and head off the potential dangers (and costs) of having to handle it as a rush job towards the end of Windows lifecycle & support

Another tangible driver for this update is workstation lifecycle rollover vs next generation of Intel chipsets – with current information to hand, there’s no support for the Intel processor generation Kaby Lake and onwards on Windows 7 or Windows 8, Windows 10 is a mandatory component to obtain proper support and stable platform operations.

Looking ahead at 2018 from a business point of view, 2017 is only one year away from GDPR - Reform of EU data protection rules – as the directive is transposed into national legislation.

With experience from the investments required to handle the introduction of SOX and SOX2 which for many businesses is an absolute must – GDPR needs to be taken seriously, and will for example replace PUL (Personuppgiftslagen) in Sweden, making it practically mandatory to comply to stay in business.

The basics, on a high level, require –
-          Easy access for each employee to review the data stored for the individual
-          Reinforced requirements regarding approval to store personal information
-          Facilities and functionality to permanently move information on individual level between organizations
-          Facilities and functionality to permanently remove information on individual level
-          Incidents such as breaches must be reported within 72 hours

Failure to comply or violations against the directive incur penalties.  The penalties include fines and imprisonment for up to two years, in current legislation – and in the EU based version, the fines range up to 20MEUR or 4% of the global turnover of the company.  If in breach, no board, CEO or CIO will be left standing after unsuccessfully avoiding such crippling costs to the business.

NIS is yet another such EU based directive where both the organizational processes and measures need to be aligned with IT and supported by adequate systems to comply.  Again, breaches must be reported to the local authority, although the penalties involved are not at par with the GDPR scenario.

Due to the fast-moving, changing business landscape, the heightened risk levels with business moving online vs cyber security concerns and cross-border legislation – the age of regulation seems to be upon us, and we’re bound to be affected by similar directives more often in the near future.  There isn’t a good way of avoiding it whilst still staying in business, but there are a few short-cuts which make it a lot less costly and straining to the organization.  Know yourself (your business and your Customers), the ins and outs of the processes, dependencies, deviations – keep your house in order, and stay open to change.  With a smaller scope to analyze as implied and mandatory delta – “only the add-on change” compared to additional unknowns in your business operations - the smoother the change will be.

So, what will you wish for in your budget-stocking this year? 

Merry Budget Everyone!

By Fredric Travaglia, Business Development Consultant @ Enfo

http://www.techradar.com/news/computing-components/processors/kaby-lake-intel-core-processor-7th-gen-cpu-news-rumors-and-release-date-1325782
http://www.forbes.com/sites/brookecrothers/2016/08/31/microsoft-tickler-file-alert-intels-new-kaby-lake-chip-will-only-support-windows-10/#307efb1e64cc
http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
https://www.sec.gov/about/laws/soa2002.pdf
http://www.datainspektionen.se/fragor-och-svar/eus-dataskyddsreform/
http://www.nyteknik.se/nyheter/snart-maste-it-incidenter-rapporteras-6335912
https://ec.europa.eu/digital-single-market/en/news/directive-security-network-and-information-systems-nis-directive
http://www.travaglia.se/2016/06/id-like-two-scoops-of-change-please.html
http://www.enfogroup.com/Competence-Areas/Process-Innovation