Every organisation wants to build strong relationships with its customers – and compliance is one technique that should definitely be in your relationship-building toolbox.
Cynics sometimes describe compliance as little more than a box that has to be ticked to remain in business. It’s often seen as a burden – a means of ensuring your organisation meets the regulatory and legislative standards of the environment you operate in.
One of the ways in which ITIL 4 differs from its predecessor is in its increased emphasis on supplier management. ITIL V3 defined ‘4 Ps’ (People, Products, Processes and Partners) of Service Management. In ITIL 4 these become the ‘4 Dimensions of Service Management’, and there is an increased focus on partners and suppliers – an important and necessary change given the growing use of cloud-based services and increasing supplier dependencies.
With cyber threats, from malware and cyber attacks to phishing and social engineering, continually in the headlines, it can be difficult to assess the actual risks to your organisation so you can take appropriate action to mitigate them. In my view, you can’t manage anything that you don’t understand – so what is actually out there, and how vulnerable is your organisation to the different threats?
This week the Government launched a review to find out what’s needed to make UK business leaders take cyber security seriously. In our view, a good place to start is the government’s Cyber Essentials scheme, which is based on advice from the UK’s National Cyber Security Centre (NCSC), part of GCHQ.
Implementing digital transformation effectively is about more than just putting in new technology – you need to ensure that it aligns to your organisational strategy and fundamentally adds value to your business, or you won’t obtain the hoped-for ROI. That’s why ITIL 4 should be part of your toolkit for change.
In a digital world, network security moves from the organisation’s perimeter to the user. The most effective way to do this is to create a zero trust network, implementing least privilege and default deny policies for each user and each system.
Although digitalisation brings many benefits, it has a major downside – increased organisational risk. Enabling users to access a corporate network from any location and device creates a significantly increased attack surface which those with malicious intent can target, and enables them to use a much greater range of threat vectors.
Compliance is often thought of as a burden – little more than a tick-box exercise to ensure your organisation meets regulatory and legislative standards. However, that’s looking at it the wrong way. What it actually provides is a statement of your organisational values and is an investment in future growth. It’s a vital part of ensuring that your organisation moves in the desired direction and can enable you to create added value for your business.
With GDPR on the horizon, now is a good time to review your data security policy. The first step is to take a holistic look at your entire infrastructure, from how data is created or acquired to how it is valued, stored, accessed and disposed of. This includes data coming in from customers, partners and suppliers; data created within the organisation, such as presentations and reports; and data that goes out, such as invoices and proposals.