Compliance and governance are often the driving force behind process and procedures. It is essential to establish a baseline for protecting assets and customers. DSM’s compliance evaluation and toolkits help you to understand vulnerabilities, prioritize information protection and make informed decisions on the allocation of IT Governance and Compliance funds.
DSM defines the policies, controls, processes, roles and responsibilities, and metrics at a high level based on industry-standard models. It's essential that your company's culture, operating environment and business model shape the IT governance framework. That’s why DSM starts with the DSM.itil framework and customizes the components to fit your business. The framework includes IT Strategy Management, IT Risk Management, IT Value Management and IT Operational Management.
Once the policies and controls are defined, DSM helps you to implement those policies to protect your business assets, meet stakeholder requirements, and maintain management assurance that processes are functioning as intended. DSM helps to ensure that processes maintain proper documentation, management review and improvement.
IT Governance comprises formal and informal rules and practices, focusing on:
- Information services
- Risk Management
- Organizational decision rights
- Information security policy, processes and procedures
Effective IT governance addresses:
- What services are offered and the value IT provides the business
- How decision rights are aligned with controls to mitigate risks
- Who is accountable for delivering IT value
- How IT resources are allocated
DSM’s methodology is simple and concise and will assist your organization in preparing for both internal and external audits. It always considers business risks, evaluates management-defined controls, and validates that the controls are followed and monitored.
DSM simplifies these IT audits and more:
- Financial Audits - SOX
- Healthcare - HIPAA
- Information Protection - HIPAA, GLBA, PCI and state laws
- Supply Chain - SAS 70 / SSAE 16
- Security - ISO 27001 / ISO 17799
- Client Notification - CA SB1386