Objective
Ensure that IT processes and the business processes supported by IT comply with laws, regulations and contractual requirements. Obtain assurance that these requirements have been identified and adhered to, and integrate IT compliance with the organization's overall compliance.
MEA03.01 - Identify external compliance requirements.
Continuously monitor any changes in laws, regulations and other external and local privacy requirements.
MEA03.02 - Optimize the response to external requirements.
Addresses the need to review and adjust policies, principles, standards, procedures and methodologies so that compliance with legal, regulatory and contractual requirements is maintained.
MEA03.03 - Confirm compliance with external requirements.
Has the important role of regularly confirming that policies, principles, standards, procedures and methodologies comply with legal, regulatory and contractual requirements (for example, through Impact Reports).
MEA03.04 - Obtain assurance of compliance with external requirements.
Obtains and reports assurance of compliance with, and adherence to, policies, principles, standards, procedures and methodologies, confirming that the corrective actions described in the Impact Report to address compliance gaps are taken in a timely manner.
Organizational Structure Component
In the RACI matrix, the Compliance and Audit team holds the accountable (A) role for this management objective. Among the responsible parties, the active participation of the IT Director and the Legal Director deserves to be highlighted. As for the Controller, I recommend active participation (responsible (R)) in all four practices.
As for the Person in Charge (DPO), I recommend active participation (responsible (R)) in practices MEA03.01, MEA03.02 and MEA03.03. The objective even mentions a Privacy Officer, a role that has points in common with that of the Person in Charge.
Flows and Information Items Component
Standard input and output artifacts, of which the outputs stand out: log of required compliance actions; compliance requirements register; communications of changed compliance requirements; updated policies, principles, procedures and standards; compliance confirmations; identified compliance gaps; compliance assurance reports; non-compliance reports; and problems and root causes.
People, Skills and Competencies Component
Skills:
- Information security (SCTY), according to SFIA v6 (2015).
To perform their duties well, the Person in Charge must have solid knowledge of information security.
Policies and Procedures Component
Compliance Policy
Identifies regulatory, contractual and internal compliance requirements. Explains the process for assessing compliance with regulatory, contractual and internal requirements. Lists the roles and responsibilities for the different activities in the process and provides guidance on metrics for measuring compliance. Obtains compliance reports and confirms that corrective or compliance actions to remedy compliance failures are taken in a timely manner.
Culture, Ethics and Behavior Component
Promote a culture of compliance, including zero tolerance for non-compliance with legal and regulatory requirements.
Services, Infrastructure and Applications Component
For the proper performance of this objective, the following are necessary:
- Regulatory monitoring service/process;
- Third-party conformity assessment services.
Translated by 4Matt Technology from the original Process Symphony: Monitor, Evaluate and Assess (COBIT 2019)