Compliance

Whether moving to an Open environment or indeed with any business driver, commitment alone to having effective security for your business is no longer sufficient. Management, auditors and business partners require demonstrable evidence of compliance as part of your IS risk management approach. In order to provide information security (IS) governance assurance that you have appropriately mitigated your legal and regulatory risks, your organisation needs to conduct compliance re-views, to determine the level of your compliance with information security legislation, regulations and best practice.

(Corporate) Governance basically means the diligent, correct and proper conduct of business while meeting legislative and regulatory as well as industry-specific requirements. In this context, compliance means adherence to laws and regulations. If we include all facets of governance, we also have to consider the proper management of a company's operational risks. Governance and compliance requirements apply basically to all companies regardless of size, organisational structure or industry.

Siemens can help you meet these obligations with a comprehensive range of compliance-based services that include:

• Compliance Audits for Data Protection, Sarbanes Oxley, Gramm Leach Biley, other legal and regulatory obligations and relevant legislation-based best practice requirements for ISO 27001
• Creation of customised legal controls or building and maintaining applications
• Policy Health Checks (e.g. Information security policy, data protection, email, monitoring and Internet AUPs)
• Assistance in developing policies and procedures
• Design and implementation of structured improvement plans
• Staff training and awareness programmes