Type to SearchView Tags

Key Governance, Risk and Compliance considerations due to COVID-19
Abhishek Ramavat GM and Practice Lead EMEA - GRC | June 4, 2020
551 Views

This is the first time in modern history that we are faced with a truly global pandemic. While many businesses have a prior experience dealing with economic whirlwinds and disruptions, the COVID-19 crisis is the ultimate stress test. This crisis has positioned organizations, nations, and people in an entirely new predicament impacting both their professional and personal lives. The dangers posed by disruptions such as COVID-19 can affect different companies in drastically different ways.

Organizations can’t seek out formulaic solutions, instead, they should address their unique needs based on their structure and domain.

For example, according to the United States’ Federal Emergency Management Agency (FEMA), nearly 40% of small businesses fail to resume operations due to the impact of major disasters. This makes it even more surprising when we realize that about 51% of global businesses are not sufficiently prepared to cope with disasters such as COVID-19. Given the sheer scale and suddenness of this challenge, organizations have to now reimagine how they conceive of business operations in an era of pandemic-like disruptions and take bold steps to be better prepared for the future.

Digital Adaptation for Future Survival

The resilience of any business operation in the face of disruption rests on several factors such as culture and change management, accountability, staffing contingencies, reserve funds, and much more. The interdependency between these factors often makes the planning phase quite meticulous. For instance, as COVID-19 forces people to adopt new habits such as social distancing, remote working, and quarantines, the associated effects on enterprise workflow need to be assessed.

The direct consequence of this requirement leads us to prepare more thoroughly via astute change management for remote working and remote access systems. Again, with remote working systems becoming ubiquitous, we are forced to define the scale and scope of our technology requirements through revamped change management, ensure that distributed data remains protected, and third-party risks are mitigated thoroughly across the ecosystem.

Businesses have to prepare for a world where the enterprise can be responsive to shifting workflows, ready to mobilize their remote workforce securely, and ensure sustainable business operations. This includes addressing issues such as working from home, device security, third-party threat assessments, infrastructure support, and more. Inevitably, the future is digital, and while many organizations have resisted and hesitated in the face of change, we have reached a precipice where the only way to move forward is to adapt faster.

Planning for the Future

The sheer experience of enabling a remote working model and managing IT compliance and guidelines is sure to become the critical factor in any future-looking business continuity arrangements. Major challenges such as ensuring secure and seamless data access, enabling connectivity, establishing collaboration and communication tools, compliance to regulatory and security requirements, and training workers for disruptions, will need to be at the top of the list. 

There is no denying the fact that threats such as COVID-19 are chronic and likely to become a regular concern in the future. In the face of this paradigm shift, successful organizations are learning to shed their traditional ways of thinking and are pulling out all the stops in their pursuit of digital resilience. Organizations leading this business transformation are working overtime to empower their employees and enable their processes to not only operate effectively during the outbreak but after it as well. Unfortunately, making this change raises new concerns such as security vulnerability, third-party risk, and the urgent need for continuity arrangements.

The need to adopt a robust business continuity framework will need to take top priority in the (hopefully soon) aftermath of COVID-19, and it must be done so with serious intent and clarity of vision. Organizations cannot afford to seek out formulaic and one-size-fits-all solutions, instead, they need to address their own unique needs based on organizational structure and domain. They need a plan that integrates their needs based on factors such as the nature of the business, the domain, challenges, organizational culture, objectives, strengths, workflows, and much more.

With years of experience in helping organizations streamline business compliance and security, HCL’s GRC practice comes with a suite of solutions that can help businesses mitigate global threats and move toward a holistic business transformation. We believe that to truly thrive in this volatile and unpredictable world, organizations need to focus intently on the following areas:

  • Business Continuity Management Program: Going forward, organizations need to include pandemics such as COVID-19 in risk assessment scenarios and business impact analysis.
  • Third-party Risk Management: While organizations look for cost-effective, alternative sourcing solutions in the wake of the pandemic, they need to simultaneously bolster their third-party risk management processes.
  • Cyber Risk Program: As remote working continues to gain prominence in the near future, organizations need to thoroughly manage the risks associated with the facilitating systems involved.
  • Privacy and Personal Data Management: The pandemic has compelled organizations to share critical data as a response measure. Privacy and security officers need to make sure they can enforce greater governance on the open data.

To truly thrive during another volatile and unpredictable tomorrow, enterprises will need to equip themselves with the right technological solutions.

In my next blog post, we will delve deeper into how organizations can advance this mission and adopt a thorough business continuity plan along with the solutions needed to make them resilient.