Risk assessment is a vital component in BC (Business Continuity) planning. Through risk assessment, your company may determine what vulnerabilities your assets possess. Not only that, you’ll also be able to quantify the loss of value of each asset against a specific threat. That way, you can rank them so that assets that are most likely to cripple your business when say a specific disaster strikes can be given top priority.
However, a poorly implemented risk assessment may also cost you unnecessary expenditures. Many risk assessors are too enthusiastic in pointing out risks that, at the end of the assessment, they tend to over-appraise even those having practically zero probability of ever occurring.
We can assure you of a realistic assessment of your assets’ risks and propose cost-effective countermeasures. These are the things we can do:
Identify your unsafe practices and propose the best alternatives.
Perform qualitative risk assessment if you want fast results and lesser interruptions on your operations.
Perform quantitative risk assessment if you want the most accurate depiction of your risks and the corresponding justifiable costs of each.
Conduct frequency and consequence analysis to identify unforeseen harmful events and determine their effects to various components of your organisation and its surroundings.
The General Data Protection Regulation or GDPR is a European Union law reinforcing the rights of citizens concerning the confidentiality of their information, and confirming that they own it. We thought it would be interesting to examine the GDPR effective 25 May 2018 from an Irish citizen?s perspective. This article is a summary of information on the Data Protection Commissioner?s website, but as viewed through a businessperson?s lens.
How the Office Defines Data Protection
The Office believes that organisations receiving personal details have a duty to keep them private and safe. This applies inter alia to information that individuals supply to government, financial institutions, insurance companies, medical providers, telecoms services, and lenders. It also applies to information provided when they open accounts.
This information may be on paper, on computers, or in video, voice, or photographic records. The true owners of this information, the individuals have a right:
To make sure that it is factually correct
To the assurance that it is shared responsibly
That all with access only use it for stated purposes
Any organisation requesting personal information must state who they are, what the information is for, why they need to have it, and to whom else they may provide it.
Consumer Rights to Access Their Personal Information
Private persons have a right under the GDPR to a copy of all their information held or processed by a business. The regulation refers to such businesses as ?data controllers? as opposed to owners, which is interesting. They have to provide both paper and digital data, and ‘related information?.
Data controller fees for this are discretionary within limits. The request may be denied under certain circumstances. The data controller may release information about children to parents and guardians, only if it considers a minor too young to understand its significance. Other third parties such as attorneys must prove they have consent.
Consumer Rights to Port Their Data to Different Services
Since the personal information belongs to the individual, they have a right not only to access it, but also to copy or move it from one digital environment to another. The GDPR requires this be ?in a safe way, without hindrance to usability?. An application could be a banking client that wants to upload their transaction history to a third party price comparison website.
However, the right to data portability only applies to data originally provided by the consumer. Moreover, an automated method must be available for porting. Data controllers must release the information in an open format, and may not charge for the porting service.
Consumer Rights to Complain About Personal Data Abuse
Individuals have a right under the General Data Protection Regulation to have their information rectified if they discover errors. This right extends to an assurance that third parties know about the changes – and who these third party entities are. Data controllers must respond within one month. If they decline the request, they must inform the complainant of their right to further remedial action.
If a data controller refuses to release personal information to the owner, or to correct errors, then the Data Protection Office has legal power to enforce the consumer?s rights. The complainant must make full disclosure of the history of their complaint, and the steps they have taken themselves to attempt to set things right.
Further Advice on Getting Things Ready for 25 May 2018
The General Data Protection Regulation has the full force of law from 25 May 2018 onward, and supersedes all applicable Irish laws, regulations, and policies from that date. We recommend incorporating rights of data owners who are also your customers into your immediate plans. We doubt that forgetting to do so will cut much sway with the Data Commissioner. Remember, you have one month to respond to consumer requests, and only one more month to close things out subject to the matter being complex.
First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.
Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?
Role of control frameworks in SOX compliance
You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.
In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.
That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.
In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??
Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.
But there are many control frameworks out there. What should you use?
How SOX, COSO, and COBIT fit together
Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.
In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.
Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.
This is where COBIT fits the bill.
How COBIT can contribute to your regulatory compliance endeavors
COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.
Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.
Some of the components you’ll find in COBIT include:
IT control objectives
These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.
Maturity models
These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.
RACI charts
These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.
Goals and Metrics
These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.
In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.
Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.
For many people within the UK, water is not really something to worry about. Surely enough of it falls out the sky throughout the year that it does feel highly unlikely that we?ll ever run out of it. There certainly does seem to be an abundance of Branded Water available in plastic bottles on our supermarket shelves.
Water, water, every where, And all the boards did shrink; Water, water, every where, Nor any drop to drink.
Despite this, Once-unthinkable water crises are becoming commonplace. If you consider that In England and Wales, we use 16 billion litres of clean drinking water every day ? that’s equivalent to 6,400 Olympic sized swimming pools.
Currently, water companies can provide slightly more than we need ? 2 billion litres are available above and beyond what we’re using. In some areas, though, such as south east England, there is no surplus and, as such, these regions are more likely to face supply restrictions in a dry year.
If we take little moment to reflect on some of the most notable water related stories over the past few years, we’ll start to get a picture of just how real the potential and the threat of water shortages can be.
Reservoirs in Chennai, India?s sixth-largest city, are nearly dry right now. Last year, residents of Cape Town, South Africa narrowly avoided their own Day Zero water shut-off.
It was only year before that, Rome rationed water to conserve scarce resources.
Climate change is likely to mean higher temperatures which may drive up the demand for water (alongside population growth) and increase evaporation from reservoirs and water courses during spring and summer.
The impact of climate change on total rainfall is uncertain, but the rain that does fall is likely to arrive in heavier bursts in winter and summer. Heavier rain tends to flow off land more quickly into rivers and out to sea, rather than recharging groundwater aquifers.
A greater chance of prolonged dry periods is also conceivable. This combined with the harsh reality that no human population can sustain itself without sufficient access to fresh water.
If present conditions continue, 2 out of 3 people on Earth will live within a water-stressed zone by 2025
What is water stress?
Water stress is a term used to describe situation when demand for water is greater than the amount of water available at a certain period in time, and also when water is of poor quality and this restricts its usage. Water stress means deterioration in both the quantity of available water and the quality of available water due to factors affecting available water.
Water stress refers to the ability, or lack thereof, to meet human and ecological demand for water. Compared to scarcity, water stress is a more inclusive and broader concept.
Water Stress considers several physical aspects related to water resources, including water scarcity, but also water quality, environmental flows, and the accessibility of water.
Supply and Demand
Major factors involved when water scarcity strikes is when a growing populations demand for water exceeds the areas ability to service that need.
Increased food production and development programs also lead to increased demand for water, which ultimately leads to water stress.
Increased need for agricultural irrigation in order to produce more crops or sustain livestock are major contributors to localised water stress.
Overconsumption
The demand for water in a given population is fairly unpredictable. Primarily, based on the fact that you can never accurately predict human behaviour and changes in climate.
If too many people are consuming more water than they need because they mistakenly believe that water is freely available and plentiful, then water stress could eventually occur.
This is also linked to perceived economic prosperity of a give region. Manufacturing demand for water can have huge impact regardless whether water is actively used within the manufacturing process or not.
Water Quality
Water quality in any given area is never static. Water stress could happen as a result of rising pollution levels having a direct impact on water quality.
Water contamination happens when new industries either knowingly or unknowingly contaminate water with their industrial practices.
Largely, this can happen and frequently does so because these industries do not take effective control of monitoring and managing their impact on communal water supplies. Incorrectly assuming this is the responsibility of an additional third party like the regional water company.
The truth is, water quality and careful monitoring of it is all of our responsibility.
Water Scarcity
Simple increases in demand for water can in itself contribute to water scarcity. However, these are often preceded by other factors like poverty or just the natural scarcity of water in the area.
In many instances, the initial locations of towns or cities were not influenced by the close proximity of natural resources like water, but rather in pursuit of the extraction of other resources like Gold, Coal or Diamonds.
For Instance, Johannesburg, South Africa is the largest City in South Africa and is one of the 50 largest urban areas in the world. It is also located in the mineral rich Witwatersrand range of hills and is the centre of large-scale gold and diamond trade.
Johannesburg is also one of the only major cities of the world that was not built on a river or harbour. However, it does have streams that contribute to two of Southern Africas mightiest rivers – Limpopo and the Orange rivers. However, most of the springs from which many of these streams emanate are now covered in concrete!
Water Stress and Agriculture
Peter Buss, co-founder of Sentek Technology calls ground moisture a water bank and manufactures ground sensors to interrogate it. His hometown of Adelaide is in one of the driest states in Australia. This makes monitoring soil water even more critical, if agriculture is to continue. Sentek has been helping farmers deliver optimum amounts of water since 1992.
The analogy of a water bank is interesting. Agriculturists must ?bank? water for less-than-rainy days instead of squeezing the last drop. They need a stream of real-time data and utilize cloud-based storage and processing power to curate it.
Sentek?s technology can be found in remote places like Peru?s Atacamba desert and the mountains of Mongolia, where it supports sustainable floriculture, forestry, horticulture, pastures, row crops and viticulture through precise delivery of scarce water.
This relies on precision measurement using a variety of drill and drop probes with sensors fixed at 4? / 10cm increments along multiples of 12? / 30cm up to 4 times. These probe soil moisture, soil temperature and soil salinity, and are readily repositioned to other locations as crops rotate.
Peter Buss is convinced that measurement is a means to an end and only the beginning. ?Too often, growers start watering when plants don’t really need it, wasting water, energy, and labour. By accurately monitoring water can be saved until when the plant really needs it.
Peter also emphasises that crop is the ultimate sensor, and that ?we should ask the plant what it needs?.
This takes the debate a stage further. Water wise farmers should plant water-wise crops, not try to close the stable door after the horse has bolted and dry years return.
The South Australia government thinks the answer also lies in correct farm dam management. It wants farmers to build ones that allow sufficient water to bypass in order to sustain the natural environment too.
There is more to water management than squeezing the last drop. Soil moisture goes beyond measuring for profit. It is about farming sustainably using data from sensors to guide us.
Ecovaro is ahead of the curve as we explore imaginative ways to exploit the data these provide for the common good of all.
A Quarter of the World?s Population, Face High Water Stress
Data from WRI?s Aqueduct tools reveal that 17 countries? home to one-quarter of the world?s population?face ?extremely high? levels of baseline water stress, where irrigated agriculture, industries and municipalities withdraw more than 80% of their available supply on average every year.
Water stress poses serious threats to human lives, livelihoods and business stability. It’s poised to worsen unless countries act: Population growth, socioeconomic development and urbanization are increasing water demands, while climate change can make precipitation and demand more variable.
How to manage water stress
Water stress is just one dimension of water security. However, like any challenge, its outlook depends on adequate monitoring and management of environmental data.
Even countries with relatively high water stress have effectively secured their water supplies through proper management by leveraging the knowledge they have garnered by learning from the data they gathered.
3 ways to help reduce water stress
In any geography, water stress can be reduced by measures ranging from common sense to innovative technology solutions.
There are countless solutions, but here are three of the most straightforward:
1. Increase agricultural efficiency: The world needs to make every drop of water go further in its food systems. Farmers can use seeds that require less water and improve their irrigation techniques by using precision watering rather than flooding their fields.
Businesses need to increase investments to improve water productivity, while engineers develop technologies that improve efficiency in agriculture.
2. Invest in grey and green infrastructure: D Data produced by Aqueduct Alliance – shows that water stress can vary tremendously over the year. WRI and the World Bank?s researchshows that built infrastructure (like pipes and treatment plants) and green infrastructure (like wetlands and healthy watersheds) can work in tandem to tackle issues of both water supply and water quality.
3. Treat, reuse and recycle: We need to stop thinking of wastewater as waste.
Treating and reusing it creates a ?new? water source.
There are also useful resources in wastewater that can be harvested to help lower water treatment costs. For example, plants in Xiangyang, China and Washington, D.C. reuse or sell the energy- and nutrient-rich byproducts captured during wastewater treatment.
Summary
The data is undeniably clear, there are very worrying trends in water.
Businesses and other other organisations need to start taking action now and investing in better monitoring and management, we can solve water issues for the good of people, economies and the planet. We collectively cannot kick this can down the road any further, or assume that this problem will be solved by others.
It is time, for a collective sense of responsibility and for everyone to invest in future prosperity of our Planet as a collective whole. Ecological preservation should be at the forefront of all business plans because at the end of the day profit is meaningless without an environment to enjoy it in!
