Being a security guy first, an IT guy second, and an employee third (“human” comes a distant 7th behind Yorkshireman, Red Sox Fan and Massachusetts resident), we IT Security types sometimes forget that most of the problems we face have strange parallels elsewhere in our companies.
For example, companies have goals, rules and risks around:
- Where their facilities are and how they run them
- Whom they employ
- Which companies they buy things from, sell things to, and partner with
1. Have a policy that reflects their goals and make sure people know about it
2. Have a way to carry out the policy
3. Have a way to make sure the policy is being carried out
4. Have a way to find out how well the policy is working
5. Have a way to deal with the times the policy’s not being effective.
Many of Archer’s customers use Archer way beyond the realms of IT, from tracking health and safety issues, to HR issues, to vendor management and supply chain issues. This operational risk management and compliance is what many are starting to call Enterprise GRC. But it extends way beyond that, as we’ll talk about in the next post.