The CIO, risk and compliance
As organisations prepare for legislative change, the role of the CIO will grow dramatically, with understanding of that legislation a huge priority. Take ISO 27001 compliance, a set of best-practice standards for information security which encompass people, processes and technology. Much like the GDPR, ISO 27001 requires organisations to conduct risk assessments, business continuity planning, testing and assessments. IT alone cannot guarantee these standards; they demand the support of the entire business. In any office, responsibility falls on everyone, whether they’re charged with handling huge volumes of data every day or simply print out key information from time to time.
By comparison, there are legislative changes on the horizon where IT will be the sole player. The PCI Data Security Standard (PCI DSS) covers the technical and operational system components included in, or connected to, the environment that handles cardholder data. With serious fines at stake, the IT department must rigorously follow a three-step process: assessing cardholder data, IT assets and business processes for card payments; fixing vulnerabilities in data storage; and collating reports for the relevant banks and card brands. Alongside this, it will need to safeguard and test critical data security controls, while ensuring that payment terminals, systems and solutions are protected.
These regulatory changes mean that interoperability is more important than ever before. PSD2 encourages a competitive landscape, so in order to maintain a competitive edge, CIOs will need to ensure that their IT infrastructure has the inherent flexibility to accommodate third-party apps and to take advantage of internal and external innovation.
With the rate of data creation increasing exponentially, understanding legislation and applying the necessary protocols within your business is crucial. CIOs will need to play a leading role in disseminating and translating complex data and security legislation for their business, while fostering a culture of security. Staying on top of the latest legislative changes will be imperative to achieving this.