Adam Collins | October 2, 2020
We are excited to announce that our industry recognized Risk Management Software Solution, Camms.Risk, was yet again named as a “High Performer” in the GRC software category by G2 in their Fall 2020 report. This marks the 3rd consecutive quarter in 2020 Camms.Risk has been recognized by G2 in its quarterly Grid report.
Daniel Kandola | October 1, 2020
Transferring products from A to B quickly and efficiently is the name of the game in the constantly moving world of transportation and logistics. Unfortunately, a myriad of variables means this process is rarely as easy as ABC at the best of times – and 2020 is proving more algebra than alphabet. Navigating a clear course within the sector has never been so challenging. Existing risks have been overshadowed – or in some cases accelerated – by an unprecedented global event that has brought the importance of organisational resilience into sharp focus: the COVID-19 pandemic.
Beau Murfitt | September 25, 2020
Major banking institutions have been at pains to stress their determination to overhaul their ability to combat financial crime of late – following a string of high-profile corruption scandals. Unfortunately, these claims appear to be words without substance after a disturbing tale of leaked documents, dirty money, and international crime emerged – one that sounds more like something from a Netflix crime drama than the world of regulatory compliance.
Daniel Kandola | September 17, 2020
The rapid spread of the COVID-19 pandemic has completely blindsided society in 2020, with devastating effect. But was this cataclysmic event a black swan? It appears not. According to the National Risk Register – an overview of the risks of major emergencies that could impact the UK in the next five years – the threat of a pandemic was firmly on the government’s radar: “experts agree that there is a high probability of another influenza pandemic occurring, but it is impossible to forecast its exact timing or the precise nature of its impact.” In fact, of all the high consequence risks outlined in the register – from severe weather to terrorist attacks – a pandemic was considered to have the highest potential impact.
This threat wasn’t classified information reserved for senior figures in Whitehall; it had filtered down to local government level. Take Camden Council, for example, which – like other local authorities – already had information about pandemic risk fed to them by Public Health England. Camden subsequently rated a ‘pandemic flu’ as a 4/5 likelihood and 5/5 for potential damage on its risk register – proof that more high-profile risks like terror and cyber-attacks weren’t their only focus when it came to organisational resilience.
Daniel Kandola | September 10, 2020
What a difference a year can make. Cast your mind back to 2019: the global defence sector was on the offensive due to budget increases and military modernisation was the plan of attack, as growing security concerns forced governments to invest heavily in new equipment. So much so that international defence expenditure was forecast to grow between 3% and 4% in 2020 to reach an estimated US$1.9 trillion – driven by increased spending in the US, Russia, China and India.
Daniel Kandola | September 2, 2020
Successful organisational resilience relies heavily on the four sights: insight, foresight, oversight and hindsight. Unfortunately, anticipating and preparing for sudden
Warwick Kirby | August 24, 2020
McKinsey & Company published an insightful article in March 2020 – Beyond coronavirus: the path to the next normal.
Kevin Sneader and Shubham Singhal stated that winning the war against coronavirus required action across five horizons: Resolve, Resilience, Return, Reimagination, and Reform.
Brad Smith | August 5, 2020
The impact of the massive global disruption from the COVID-19 pandemic during 2020 has been felt in virtually every organization, workplace, and household around the world. With or without an effective vaccine, the pandemic’s far-reaching impacts will be felt globally for some time to come.
Brad Smith | July 28, 2020
We all know that reporting safety incidents in the workplace is essential to managing risk, but with the advent of COVID-19 the relationship between risk and incident has taken on a whole new meaning.
Camms | July 23, 2020
Camms has continually evolved since we were founded in 1996! With nearly 25 years of experience in business software solutions, we have continually invested in making our software right for supporting organizations to achieve their goals.
Camms | June 11, 2020
To provide our customers with assurance around Camms' ongoing commitment to information security management, we are pleased to announce that we have recently achieved certification of the ISO 27001:2013 standard for our major offices around the globe. This followed an in-depth set of assessments over the past 6 months including onsite audits in all locations.
Camms | June 4, 2020
The largest implementation partner of Adaptive Insights in the APAC region, GK Horizons, is trusted by its customers across various industry verticals to improve not only their financial insights but their business agility and overall performance.
Brad Smith | June 1, 2020
Today’s climate proves that both local and global events can significantly impact the strategy and operations of an organisation. With key attributes in today’s volatile and uncertain environment being agility and flexibility,
Camms | April 21, 2020
Tomorrow needs pace, agility and quick decisive management. Today is the day to invest in the right risk management software. Rapid change is a constant in today’s environment.
Yasith Fernando | November 25, 2019
Sustainable Software Development refers to a set of principles and practices which enables a team to maintain an optimal speed in development indefinitely for the sustainability of the development team and ergo, the company.
Enterprise risk management has a primary objective of ensuring organizations comply with the legal and regulatory obligations needed to conduct business. Companies conducting business in the EU now have a May 25th deadline for compliance with the new General Data Protection Regulation (GDPR), rolled out to replace the antiquated 1995 Data Protection Directive.
Companies do not have much time to review and update their data security processes, so we have put together a quick guide to ensure your risk management program is ready to be GDPR compliant.
The General Data Protection Regulation is Europe’s new data protection standard, which goes into effect across all of the EU at the end of May. GDPR is the conclusion of a four-year effort to bring outdated data security laws into the 21st century. GDPR’s site states that the “aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.” The amount of data being collected has vastly increased over the last twenty years, and change was needed to meet the current demand for updated data protection regulations.
GDPR gives individuals, or “data subjects,” significant new rights over how their personal data is collected and used by companies. Risk managers must be made cognizant of the fact that if the company collects data in the EU in any way, shape, or form, it must adhere to the new security standards. This includes American companies that collect personal data from EU consumers; no financial transaction needs to occur before the regulation kicks in, as collecting the data alone is enough. In a world of economic globalization, GDPR will impact companies all over the world, from China to Australia. Risk professionals on a global scale will need to ensure internal controls are in place to comply with GDPR for all processes involving data collection.
Adhering to legal and regulatory requirements is crucial for any business to lower the risk of adverse actions from governmental entities (e.g. fines, sanctions, etc.). As stated above, any business in the EU or company doing business within the EU will have to comply with GDPR. In today’s globalized economy, this EU regulation will impact a large amount of companies that must now ensure their data protection processes are up to par.
As companies must be compliant by May 25th of this year, the time available to restructure and adjust internal processes to avoid the risk of penalties is running out rapidly.
Companies doing business in the EU must be aware of GDPR’s regulatory impact on meeting objectives. Data protection processes must be audited to ensure they are up to speed with all that GDPR requires across its 28 member states. Furthermore, Brexit or not, this new regulation will impact UK businesses in one way or another. There is no time for hesitation: risk management professionals must make their leadership aware of how this regulation could impact the pursuit of business objectives.
Data controllers, who determine the purpose and manner in which personal data is processed, have specific requirements that must be met to avoid stiff non-compliance penalties. These penalties are assessed against specific criteria used to determine the final amount a company will be penalized, such as the nature of the breach, cooperation, and data type. Penalties are broken down into lower-level and upper-level tiers; fines can range from 2-4% of prior-year global revenues or up to 20M euros, whichever is higher. These penalties not only pose a significant risk to companies but can cause severe adverse impact to organizations if taken lightly.
Another GDPR requirement that will significantly impact companies’ risk management programs is the 72-hour window for the data controller to report data breaches. If an external party breaches a company’s systems, the company has a very small window to implement a crisis communication plan to deal with the reputational impact of that breach. Because cyber breaches are becoming more prevalent by the day, risk management professionals must ensure effective, transparent communication strategies are on stand-by for when one occurs. Issues such as these show that GDPR is not merely an IT compliance issue but one that impacts the entire organization, demanding the attention of enterprise risk management practitioners.
Start by reading the EU GDPR: A Pocket Guide, which condenses the 261 pages of legal jargon into an easy-to-understand guide that will help get you on the right path to compliance. Given the short compliance window, this guide can be a life saver for covering all the compliance bases in a short period of time.
Perform research and document findings assessing internal processes related to data protection. Any and all data needs to be thoroughly audited to avoid gaps in compliance coverage, which would mean missed opportunities to protect consumer data. As business processes evolve, internal data environments should be scanned on a regular basis to ensure constant compliance. Stiff penalties should be a good motivator for updating leadership’s risk tolerance when it comes to data security.
Collected data should be audited to identify areas where internal processes require revision or creation. Data that falls outside the regulation can continue under existing processes, since no risk of penalty applies to it. However, data that is now required to follow the regulation will need to be set aside for further evaluation.
Critical data that is required to run the business should be evaluated first. A risk assessment of all private data should be completed, reviewing policies and procedures to ensure adherence to GDPR requirements. Critical data resources should have priority; back-ups and other data repositories can be addressed later on. Security measures will need to be updated for all critical data processes, which will result in a more robust IT risk management environment within the organization.
Data security measures updated to comply with GDPR should be monitored on an ongoing basis. This practice is crucial to ensure there is little to no exposure to compliance risks that could result in severe financial penalties. An added benefit of continuous monitoring of data protection performance is increased risk assurance both within and outside the organization. Consumers are more willing to do business with a company that takes pride in ensuring customers’ data rights are protected in the course of business.
Risk management professionals must be ready to bring their business up to speed in terms of how it protects the data of consumers. Regardless of the organization, leadership will want to make sure consumer data is protected to the new standards to avoid the stiff penalties of non-compliance. This is not a task that relates simply to IT; the adverse impacts of non-compliance span far wider, impacting every level of the organization. However, with the steps outlined above, any company can make sure it has no data protection worries come May 25th.