Technology Risk Management, Privacy and Information and Cyber Security

Technology risk is a subset of operational risk, that is, the risk of loss resulting from failure to manage people, from inadequate or failed internal processes and systems, or from external events. Technology risk can arise from technology failures that disrupt the business. The risk of technology failure includes compromised availability, degradation of IT systems, failure of system recovery, lack of capacity, underperformance of systems, breach of data privacy and information security, and compromised integrity of new or existing systems.

Privacy is the right to be let alone, or protection from intrusion or interference. Information or data privacy focuses on the use and governance of personal data and requires establishing a framework, policies, procedures and controls for the collection, sharing and use of customers' personal information.

Information security includes setting up policies, procedures, controls and methodologies designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. While information security is necessary for protecting data, it is not sufficient for addressing privacy.

Cyber security is the application of technologies, procedures and controls to protect systems, networks, programs, devices and data from cyber-attacks. Cyber security aims to reduce the risk of cyber-attacks and protect against unintentional, unlawful, or unauthorized use of systems, networks and technologies.

Technology Risk Management is the development and implementation of policies, procedures, standards and guidelines applied to achieve the sound management of technology risk across the organization.

Our Technology Risk Management practice supports organizations in identifying, assessing, mitigating, monitoring and minimizing potential internal and external risks related to technology, cyber security, information security and data privacy before they occur. We help organizations meet their regulatory and operational responsibilities and obligations while empowering them to leverage data and technology to create value and revenue growth and to meet the expectations of customers, employees, vendors and other stakeholders. We bring technology risk awareness to the boardroom and support our clients in ensuring that their technology selection is in line with their strategy and that their operations are safe, secure and consistent, with a robust disaster recovery plan in place. We can help you manage your technology risk, information and cyber security, and privacy mandates, including the following:

  • Benchmarking of IT risk profiles with leading practices

  • COBIT assessment and implementation, including principles, strategies, charters, policies, procedures, standards, guidelines, tools and checklists for technology governance

  • Confidentiality and privacy management including privacy of information, data and employees, customers and third parties

  • Information, cyber security and technology risk audits

  • Governance, risk, compliance (GRC) solutions consulting

  • Systems and business controls implementation and testing

  • Conduct and risk culture framework

  • Business continuity management

  • Social media policy

  • System readiness review

  • Code of conduct and code of ethics

  • IT project management

  • Reputational and legal risk

  • Business resilience

  • Third party risk management

  • Information/data classification and protection

  • Information and cyber security and privacy incident reporting

  • Fraud risk management

  • Business managed technology

  • Data management and records management

  • IT internal audit outsourcing and physical access management standards