Security, Continuity & Compliance
Gordon McKenzie
Business Development Director, Syan Limited
What’s it all about?
– Legislation
– Regulation/Directives
– Standards and Accords
– Greater disclosure and openness
What’s it all about? REGULATORY COMPLIANCE
– Sarbanes-Oxley
– Basel II
– Global Privacy Directives
– It’s not just SOX
– Sarbanes-Oxley only directly affects approximately 400+ companies in Europe: Not just the largest – just those listed in the US
What’s it all about? RISK MANAGEMENT
– Legal Liabilities
– Brand Value Protection
– Stakeholder Satisfaction
– Financial Performance Protection
And if you don’t?
– Regulator attention
– Fines
– Higher auditing bills
– Reduction in brand image
– Failing investor confidence, reduced share price, potentially terminal
– Lower credit rating, higher cost of capital
– Legislation breach – Prison!
Businesses don’t want to comply!
– Businesses exploit loopholes
– Compliance is a cost
– Compliance creates level playing fields
– That is why we have legislation / regulation
Butler Group’s Compliance Matrix
Technology of Compliance Business Process Management Collaboration Digital/ Archiving Disaster Recovery Content Management, including & Records Management Business Intelligence/Analysis Corporate Performance Management Search/Discovery/Retrieval Identity Access Management Network Security Policy Management Profiling INFORMATION MANAGEMENT INFORMATION ANALYSIS INFORMATION SECURITY
What does it mean?
– The information needs to be available
  – To the right people
  – At the right time
– Reports must be out on time
– Lost data is not an excuse
– Neither is a broken system or a network failure
– Disasters can (and will) happen
– Information needs to be managed
Traditional Disasters…
– But you must try to protect against all eventualities
What is a disaster?
– Not just natural disasters
– Anything that has the potential to damage your business can be classed as a disaster
Data must be protected
– Customer Data
– Personal Data Files
– Financial Records / Credit History
– Medical History
– Employee HR Data
– Employment History
– Employee Reviews
– Wage/Salary Structures
– Health Records
Assets must be protected
– Intellectual Property
– Research and Development
– Product designs and cost budgets
– Business Methods and Best Practices
– Proprietary Source Code
– Specific Project Data
– Proposals and Price Lists
– Marketing plans, advertising and packaging
Information must be available
– High Availability
– Disaster Recovery
– Business Continuity
– Many different solutions
Syan’s Availability Solutions
– Windows
– pSeries
– HACMP
– HACMP-XD
– Storage ESS & DS Family
– Tivoli
– Linux
– Disaster Recovery and Business Continuity Facilities
– iSeries
– Networks
– Intel
It’s not just about the data
– Secure and managed access
– Secure and managed infrastructure
– Secure and managed record of all process:
  – Ensuring consistency
  – Keeping all the doors bolted
You can’t outsource it!
– You can outsource the service – but not the responsibility
  – The outsourcer will not stand alongside you in court
– But if managed properly outsourcing can help
What can you outsource?
– Everything but the responsibility
– Decide what your business is about
– Do you want to be a delivery company?
– Do you want to be a warehousing company?
– Do you want to be an IT company?
– What services could be done better by specialists?
– And then choose someone you can trust – your business will depend on it
BS7799 / ISO17799
– Big investment
– But a big saving when being audited
"We always believed that Syan was doing things right and, following the SOX audits, we now know that they are. If Syan had failed the audits, then we would have failed."
Anthony Mitchell, Network Administrator for Gardner Denver International
The Specialists in IT Outsourcing and IBM eServer Solutions
Visit for more information about Syan’s Services