The regionalized IT organisation of a global prestige cosmetics company was transforming into a global IT operations function to meet the needs of the business in a changing global marketplace. An effective IT compliance framework was needed at the core of the new organisation to tackle mounting regulatory expectations and information security exposure.
To better align IT with business needs, the company was consolidating IT into a single organisation. Thus far, IT had been an amalgamation of brand and regional services. The ambition was to ensure a globalized IT organisation would be effective by the start of the next fiscal year. PA was engaged to work with the client to ensure that the new global IT organisation conformed to uniform policies and standards within an ambitious time frame.
Benefits to the client
With PA’s help, our client implemented a fit-for-purpose IT / information security policy framework in the required five-month time frame. This framework met the audit requirements for a comprehensive set of IT policies and was essential in enforcing the standards required to meet governmental and industry requirements for information security. On-time implementation reduced the possibility of substantial fines related to Payment Card Industry regulations. With the policies in place, the company would now be able to come into compliance with PCI-DSS and ISO17799, lay the foundation for integration of COBIT and data continuity, and have the initial policy building blocks in place to address e-discovery.
Furthermore, the framework was designed to grow with the organisation. The compliance governance model provided a permanent mechanism for maintaining and updating policies and standards. This was achieved by minimising complexity and establishing the governance, tools and education processes needed to enable the organisation to continue to be effective and maintain compliance into the increasingly complex future.