CIO and CSOs: Your Company's Ethics Champions?
As ethics and compliance grows as an IT concern, an increasing number of companies have reported looking for CIOs, CSOs and other IT staff that not only possess the required technical skills, but also have personal values and morals that are similar to those of the company.
Technology helps companies monitor, share and manage information. Technology also contributes to the success of a company's ethics and compliance program.
In my opinion, a company's Chief Information Officer (CIO) and/or Chief Security Officer (CSO) is equally as important as the Chief Ethics and Compliance Officer (CECO) when it comes to maintaining workplace ethics and compliance. Since CIOs are responsible for implementing IT systems and controlling the flow of information into and out of a company, CIOs have special skill sets and knowledge that can be used to protect their company from data breaches and other technical risks.
Here are 3 different ways your company's CIO and CSO can become ethics heroes:
1. Tone from the CSO
The primary responsibility of the CSO is to implement systems in the workplace that provide all employees with the ability to work together to maintain security. I came across a document published by Cisco Systems, titled "Security at Centre Stage," discussing the important contributions CSOs make to the workplace. The document states that, similar to the "tone at the top," CSOs must act as leaders to make sure the tone at the top is heard by the IT department. From there, the IT department can develop policies and systems related to security and ethics that will be communicated to the entire organization.
At Cisco Systems, they have introduced the Corporate Security Programs Organization (CSPO) into the workplace to:
Provide training and awareness to employees - Informing employees of the various security risks at each level and training them to mitigate such risks.
Constant interaction - The CSPO believes strongly in communication and constant reminders to help employees change their ways and adopt practices for maintaining security.
Award and recognize - The CSPO has an annual awards ceremony, rewarding individuals who have gone above and beyond in ensuring security.
2. Build Compliance Rules into Company Systems
Building compliance rules, company policies and industry regulations into business systems holds employees and companies accountable for their actions. This is similar to what we do when building i-Sight for each of our unique clients, as companies today must proactively investigate allegations of fraud, theft or abuse to prevent significant financial liability and risk to the organization. As legislation surrounding ethics and compliance continues to increase, the IT department must take advantage of technology and develop systems that are capable of monitoring and tracking these issues. The Cisco Systems document addresses the practice of building laws and regulations into corporate information systems:
"Then, security and privacy legislation gained momentum. What once were merely mandates for government agencies quickly became strict guidelines for the public sector - the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley (GLB), to name but a few. So the CSO took on more of an oversight role. 'Any organization with state or federal regulations around protection schemes absolutely must have a security officer,' says Felix Santos, CISO for Performant Financial, based in Livermore, Calif. Unfortunately, the CSO often became a mere compliance tactician or, worse, was served up as a 'sacrificial lamb' in the event of a security breach."
3. Access Controls
In many companies, access controls are based on an employee's role in the organization or the department they work in. This practice keeps information on a need-to-know basis, limiting the risks and opportunities for information to fall into the wrong hands. Access controls can be adjusted during times of need; for example, if an employee requires information for a special project they are working on, they can ask permission to be granted temporary access to the information. In the ComputerWorld article "Ethics: IT Should Help the Company Steer Clear of Corporate Scandals," Mary K. Pratt discusses the importance of access controls at Texas Health Resources Inc.:
"Consider the challenge of handling patients' medical records. Even though the federal Health Insurance Portability and Accountability Act mandates that agencies keep those records private, caregivers still need to access them - when appropriate. So the organization's electronic health records system gives doctors and nurses who are caring directly for patients quick access when they use the right authentication, Alverson says. But additional authentication is required to get records for patients who aren't under the provider's immediate care. The system records who gets access to what, allowing officials to audit and review cases to ensure there's no inappropriate access
By: i-Sight Software