DOCSLIB.ORG

Corporate Security's Professional Project

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Corporate Security's Professional Project CORE Metadata, citation and similar papers at core.ac.uk Provided by Cranfield CERES CRANFIELD UNIVERSITY DEFENCE COLLEGE OF MANAGEMENT AND TECHNOLOGY DEPARTMENT OF DEFENCE MANAGEMENT AND SECURITY ANALYSIS MSC THESIS Academic Year 2005- 2006 Anthony McGee CORPORATE SECURITY’S PROFESSIONAL PROJECT: AN EXAMINATION OF THE MODERN CONDITION OF CORPORATE SECURITY MANAGEMENT, AND THE POTENTIAL FOR FURTHER PROFESSIONALISATION OF THE OCCUPATION. Supervisor: Dr. Helen Peck October 2006 Master of Science (by research). © Cranfield University, 2006. All rights reserved. No part of this publication may be reproduced without the written permission of the copyright holder. ‘Corporate Security’s Professional Project: An examination of the modern condition of corporate security management and, the potential for further professionalisation of the occupation.’ Anthony McGee Cranfield University 2006 Abstract. There is a common perception among corporate security managers that their occupation is afforded less status and is rewarded less well than the other management functions within business. In response to similar conceptions of the need to raise the value and status of their work, other occupations have historically embarked on so-called ‘professional projects’ whereby they collectively attempt to harness their specialist skills and knowledge as a commodity, the value of which they seek to raise and maintain. This small- scale qualitative study is intended to provide an insight into the analysis of corporate security managers and directors as to the health of their occupation and its standing in the modern corporate world. The study then examines the methods which other occupations have used to successfully improve the status of their practitioners and the value of their work. Finally, based on the analysis of the security managers and directors and the experience of other occupations, a broad strategy for corporate security’s own professional project is proposed. This study suggests that corporate security is currently enjoying divergent fortunes. The most successful security managers and directors enjoy parity of status with their peers from other functions and have taken on responsibilities far in excess of the traditional security department’s remit. However, at the other end of the spectrum there are many security managers who are afforded an inferior status to that of managers from other functions. As a result, they struggle to attract significant responsibility or resources within their organisations. The research suggests that other management functions have historically faced similar problems in their development. These other functions have used strategies of occupational negotiation, boundary work, closure and monopolisation to overcome their problems. Together these measures have constituted professional projects. Based on the appetite for professionalisation among our security managers, and the success of professional projects in comparable occupations, this study concludes that security management should embark on a professional project of its own. ii Acknowledgements. I have spent a fascinating year working on this research which, more than anything, has given me a valuable insight into the human dynamics of corporate organisations and the way things ‘get done’. I must first express my gratitude to those who have organised this joint project between Cranfield the RSMF, TSI and ASIS, in particular, Ivar Hellberg, Mike Hoare and John Smith. Without their fundraising efforts, and subsequent support in terms of time and resources, I would not have had this opportunity. Thanks to my supervisor Dr. Helen Peck who has given me valuable steer in research principles and shown great confidence in me throughout. Since I first arrived at DMSA Steve Gibson’s knowledge of corporate security has been an invaluable resource. So too has the library. Mandy Smith in particular has cheerfully dealt with my constant stream of inter- library loan requests and failure to return anything on time. My thanks also must go to Bruce George for suggesting that I apply for the project and for his continued guidance. I am grateful to the many people connected with corporate security who have taken time out of their busy schedules to offer me help and advice, or take part in one of the research interviews. Thanks finally to my parents who have patiently tolerated me in recent months as I have written up my research. iii Table of Contents. Page Table of Contents iv- vii List of Appendices vii List of Tables viii List of Figures viii CHAPTER 1: Introduction, Literature Study and Review. 1 1.1 Introduction 1 1.2 Literature Search 2 1.3 Literature Review 6 1.3.1 Is Security Management a Profession? 6 1.3.2 Sociological Perspective 9 1.3.3 The Status of Corporate Security 10 1.3.4 Summary of Literature Conclusions. 11 1.4 Research Questions and Aims 12 1.4.1 Research Questions 12 1.4.2 Aims 12 CHAPTER 2: Research Design. 14 2.1 Research Strategy 14 2.1.1 The Deductive Approach 14 2.1.2 The Inductive Approach 14 2.2 Ontological and Epistemological Considerations 16 2.3 Theoretical Perspectives 17 2.4 Methodology 18 2.4.1 Interviews 19 2.4.2 Single-Case Study 26 2.5 Summary of Research Design 27 iv Page CHAPTER 3: Corporate Security: It’s Development and its Modern Condition. 28 3.1 Introduction 28 3.2 Corporate Security’s Historical Roots 28 3.3 Contemporary Drivers for Corporate Security 30 3.4 Limits to the Success of Corporate Security 32 3.5 The Positioning of Security within an Organisation. 33 3.6 The Attitude of the Board 36 3.7 The Status of our Security Managers, and that of their Peers. 40 3.7.1 Company Specific Crises and Credibility 41 3.8. The Challenge of Achieving Parity 42 3.9 Summary of Conclusions 46 Chapter 4: The Background of a Security Manager: The Value of a Security Background. 47 4.1 Introduction 47 4.2 The ‘Peacekeepers’. 47 4.3 The Value of a Security Background? 49 4.4 Distinguishing between the Peacekeeping Careers. 53 4.5 The Corporate Security Managers of the future? 54 4.5.1 Change. 54 4.5.2 Continuity 55 4.5.3 Diversification 56 4.6 Advantages of Police and Military Backgrounds 56 4.6.1 Contacts and Networks 57 4.6.2 Demonstrable Pedigree 58 4.6.3 The Importance of Judgement and Experience 59 4.7 Summary of Conclusions 60 v Page CHAPTER 5: The Professional Project of Human Resource Management in the UK. 62 5.1 Introduction. 62 5.2 Origins of Personnel Management 62 5.3 The Challenge from Human Resource Management 65 5.4 Personnel Management as a Business Function 66 5.5 Personnel Management as a Profession 67 5.6 Professional Project 68 5.6.1 Historical Project 69 5.6.2 Modern, Reinvigorated Professional Project 71 5.7 Broader Activities 76 5.8 Current State of the HRM Profession 82 5.9 Summary of Conclusions 85 CHAPTER 6: Professions, Professionalism and Corporate Security. 86 6.1 Introduction 86 6.2 The Study of Professions 86 6.3 Varying Conceptions of Being ‘Professional’. 89 6.4 Professionalism: the ideal type. 92 6.4.1 Specialised work grounded in a body of theoretically Based Discretionary Knowledge and Skill. 93 6.4.2 Exclusive Jurisdiction in a Particular Division of Labour Created and Controlled by Occupational Negotiation. 95 6.4.3 Shelter from Labour Markets based on a Qualification. 98 6.5 Summary of Conclusions. 99 vi Page. CHAPTER 7: A Proposed Professional Project for Corporate Security. 101 7.1 Introduction 101 7.2 Corporate Security’s Professional Project 101 7.3 A Conversation about Corporate Security’s Professional Project 102 7.4 Occupational Negotiation 105 7.5 Boundary Work 110 7.6 Occupational Closure 112 7.7 Monopolisation 117 CHAPTER 8: Conclusions. 122 8.1 What is the Current state of Corporate Security? 122 8.2 How Have Other Disciplines Previously Sought to I I Improve their Levels of Professionalism and Status? 124 8.3 What Steps can Corporate Security take to Consolidate or Improve its Status? 124 8.4 A Future Corporate Security Profession? 126 APPENDICES: Appendix A: Interview Invitation Letter 127 Appendix B: Setting the Scene 128 Appendix C: Interview Schedule 129 BIBLIOGRAPHY: 132 vii List of Tables: 1.1 Search Terms, Rational and Limitations 4 1.2 Database Search Results 5 1.3 ISI/ Index to Thesis Search Results 6 5.1 Membership Grades of the CIPD 72 5.2 Routes to Chartered Membership 75 List of Figures: 7.1 An Occupation in its Unreformed State 108 7.2 A Successful Professional Project 110 viii 1. Introduction, Literature Search and Review. 1.1 Introduction “Key conclusion should be whether or not education and qualifications at this level will integrate security management into the business process at the same levels as other functional managers with comparable standards.” (Hoare 2005: 2) The terms of reference for this project as set out above are borne from a body of thinking which takes for granted that corporate security in the UK significantly lags behind the other mainstream business functions in term of how well its practitioners are regarded by executives of the business and how closely its practitioners are integrated into the general activity of the business. However, as discussed in the literature review, this body of thinking has never been substantiated by any academic research. The research conducted by Nalla and Moresh (2002) into the state of corporate security in the US contradicted much of the anecdotal pessimism and reported that corporate security as a business function was in fact well regarded and influentially located in most corporations. The work of Nalla and Moresh serves as an example of the dangers of ‘perceived wisdom’ being taken for granted in the field of corporate security and with this in mind the first objective of this research will be to try and add depth to the understanding of the current state of corporate security by carrying out the first qualitative, academic study of the status of the corporate security occupation ever undertaken in the UK.
Load more

Recommended publications
  • Systems Security Engineering – Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, Was Chosen to Appropriately Convey
    NIST Special Publication 800-160 Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS MICHAEL McEVILLEY JANET CARRIER OREN This publication contains systems security engineering considerations for ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes. It provides security-related implementation guidance for the standard and should be used in conjunction with and as a complement to the standard. This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-160 NIST Special Publication 800-160 Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS Computer Security Division National Institute of Standards and Technology MICHAEL McEVILLEY The MITRE Corporation JANET CARRIER OREN Legg Mason This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-160 November 2016 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director Special Publication 800-160 Systems Security Engineering A Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems ________________________________________________________________________________________________ Authority This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems.
    [Show full text]
  • An Article About Security Management
    Cite as www.jha.ac/articles/a060.pdf BEYOND SECURITY PLANNING: TOWARDS A MODEL OF SECURITY MANAGEMENT COPING WITH THE SECURITY CHALLENGES OF THE HUMANITARIAN WORK Luis Enrique Eguren © July 2000 SUMMARY The challenges faced by humanitarian agencies working in violent scenarios pose the need for comprehensive and dynamic systems to cope with the security requirements. Security planning cannot answer all the questions: we must take a step further and discuss a model for security management. In this paper we propose an overall framework for a security management process and an incremental approach to security management. Both topics should allow agencies and practitioners to better undertake strategies for coping with the security challenges of humanitarian work. SECURITY MANAGEMENT VERSUS SECURITY PLANNING Some of the most effective humanitarian agencies have a Security Plan carefully stored in the fifth drawer of the senior manager desk (of course in many agencies that fifth drawer is full with other documents, and there is no a drawer for security plans). Even that Security Plan may consist of a series of protective measures, contingency plans and safety rules, which may be useful as security guidelines but do not grasp the fact that that security requires an adequate overall management, and it means much more than a security plan. Security cuts through all aspects of an agency´s work in a conflict scenario: it has to do with operations (as any targeting the agency may suffer can be consequence of its operations), with assessing a changing context (and conflict scenarios can change quickly), with flows of information (recording and assessing security incidents), with personnel (from recruiting to training and team building), with budgeting and funding and so on (for an in depth analysis of security management see Koenraad van Brabant´s manual1 and other relevant initiatives2).
    [Show full text]
  • Information Security Management Accounting
    7 Information Security Management Accounting Diego Abbo Candidate School of Systems Enginireering SSE- University of Reading (UK), Italy 1. Introduction Increased computer interconnectivity and the popularity of Internet are offering organizations of all types unprecedented opportunities to improve operations by reducing paper processing, cutting costs, and sharing information. However, the success of many of these efforts depends, in part, of an organization’ ability to protect the integrity, confidentiality of the data and systems it relies on. Many people seem to be looking for a silver bullet when it comes to information security. They often hope that buying the latest tool or piece of technology will solve their problems. Few organisations stop to evaluate what they are actually trying to protect (and why) from an organizational perspective before selecting solutions. In the field of information security the security issues tend to be complex and are rarely solved simply by applying a piece of technology. Furthermore the growing of interdependency of the complex integrated information systems will continue and accelerate and more technologies are integrated to deliver rich services. Today there is no way to model, understand, monitor and manage the risks presented by the growth of these systems. That also means that the investments in information security can’t have the appropriate accuracy and follow the common principle of redundancy increasing the non-productive costs of the businesses and/or services that are supporting by the above mentioned systems. On the other hand the failure of information security during the past decade are nothing short of spectacular. The inability of organisations to prevent increasingly dramatic compromises has led to huge financial losses, produced a great deal of embarrassment, and put every sector of the global economy at risk.
    [Show full text]
  • Architecture of Network Management Tools for Heterogeneous System
    (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 3, 2009 Architecture of Network Management Tools for Heterogeneous System Rosilah Hassan, Rozilawati Razali, Shima Mohseni, Ola Mohamad and Zahian Ismail Department of Computer Science, Faculty of Information Science and Technology Universiti Kebangsaan Malaysia, Bangi, Selangor, Malaysia . Human: where human manager defines the policy and organization approaches. Abstract— Managing heterogeneous network systems is Methodology: defines the architectural a difficult task because each of these networks has its own curious management system. These networks framework and the functions to be usually are constructed on independent management performed. protocols which are not compatible with each other. Instrumentation: the actual operational This results in the coexistence of many management aspects that establish the procedures, systems with different managing functions and services methods and algorithms for data collection, across enterprises. Incompatibility of different processing and reporting, and analysis of management systems makes management of whole problems, their repair, prediction or system a very complex and often complicated job. forecasting of service levels and probable Ideally, it is necessary to implement centralized meta- level management across distributed heterogeneous improvements to enhance performance. systems and their underlying supporting network systems where the information flow and guidance is S&NM aims to provide network
    [Show full text]
  • BNY Mellon Corporate Social Responsibility 2019 Report
    2020CSR Report-cover.pdf 1 6/17/20 4:24 PM C M Y CM MY CY CMY K About This Report About This Report This is BNY Mellon’s 13th report covering corporate social responsibility (CSR) and environmental, social and governance (ESG) topics. Our annual updates in this report are not just about our company’s social and environmental impact, but also about how we view and integrate ESG considerations throughout our operations, leveraging opportunities and mitigating risks cross-functionally and across our lines of business. We publish our CSR report annually in the second quarter on www.bnymellon.com/CSR. Unless otherwise noted, this report includes data and activities from BNY Mellon’s global operations for the calendar year 2019. Unless otherwise noted, all data is as of 12/31/2019 and covers The Bank of New York Mellon Corporation and its subsidiaries. The report provides select data from past years in order to facilitate year-over-year analysis. This is our 11th report using the Global Reporting Initiative’s (GRI) framework, the world’s most widely used sustainability reporting framework. We prepared the report according to GRI Standards Comprehensive option. View the GRI Index on page 80. 2019 CSR and ESG Awards and Recognition Dow Jones Sustainability World Index (DJSI) 6 consecutive years CDP A List for climate management leadership 7 consecutive years FTSE4Good Global Benchmark Index 8 consecutive years Perfect score on the Corporate Equality Index for LGBTQ workplace equality, Human Rights Campaign Foundation 13 consecutive years Bloomberg Gender-Equality Index 5 consecutive years See a full list of our awards.
    [Show full text]
  • Chailease Holding Company Limited. Guidelines for Information Security Management I. Purpose 1. the Company Sets Forth These
    Chailease Holding Company Limited. Guidelines for Information Security Management Date: 2019/11/13 Approved by Chairman of the board I. Purpose 1. The Company sets forth these Guidelines in order to strengthen the information security management and establish a reliable information operating environment to ensure the Company's rights and interests. II. General Rule 2. The “Company” in the Guidelines, is referring to Chailease Holding and its affiliates. 3. The Company may conduct information security risk assessment in accordance with relevant laws and regulations to determine the level of information security requirements, and adopt appropriate measures to ensure the security of the Company's data operation. 4. Regarding the “appropriate measures” in the Guidelines, the risk level of each information asset and the degree of impact or harm to the Company's operation shall be comprehensively considered, and adopt commensurate and cost-effective information security measures. 5. The Company shall set relevant regulations and regularly evaluate the implementation results for the following information security measures: (1) The formulation of information security policy. (2) The responsibility division of information security. (3) The security management of computer system. (4) The security management of network. (5) The management of system access control. (6) The security management of system development and maintenance. (7) The security management of information assets. (8) Physical and environmental security management. (9) Sustainable business operation program. (10) Laws and operations compliance. III. The Formulation of the Information Security Policy 6. The Company shall set relevant information security policy in accordance with actual business needs, and notify relevant personnel to comply with the policy in writing, electronically or otherwise.
    [Show full text]
  • Security Management
    BACHELOR OF SCIENCE IN MAJOR SECURITY MANAGEMENT DEPARTMENT OF SECURITY, FIRE, AND EMERGENCY MANAGEMENT 524 West 59th Street, New York, NY 10019 n Haaren Hall, Room 433.08 n 212-237-8599 www.jjay.cuny.edu/department-security-fire-and-emergency-management See further major requirements at: www.jjay.cuny.edu/security-management-major-resources WHAT WILL YOU LEARN IN THIS MAJOR? Every significant public institution and private corporation has a security function associated with its mission to mitigate losses and risks. They need managers. The Bachelor of Science in Security Management focuses on the analysis of security risks and vulnerabilities, along with the administration of programs designed to reduce loss in both the public and private sectors. The major provides a comprehensive understanding of the principles, practices, technology and law within the security field. This enables managers to better safeguard persons, property, and privacy both inside and outside of the work environment. The major also prepares students for advanced study in John Jay’s unique graduate program in Protection Management and the new graduate online degrees in Security Management and Emergency Management. IN THIS MAJOR YOU WILL nnn FIRST COURSES IN THE MAJOR nnn Discover what is most important in reducing risks and SEC 101: Introduction to Security losses to organizations SEC 210: Methods of Security Identify emerging career opportunities in the private SEC 211: Security Management security industry and within proprietary workplaces Interpret and analyze laws, codes, standards, Students in the major will have a choice of the and practices pertinent to private security following categories of study: Learn the roles of cybersecurity and technology in the A.
    [Show full text]
  • Guide to Developing a Cyber Security and Risk Mitigation Plan
    NRECA / Cooperative Research Network Smart Grid Demonstration Project Guide to Developing a Cyber Security and Risk Mitigation Plan DOE Award No: DE-OE0000222 National Rural Electric Cooperative Association, Copyright 2011 1 NRECA / Cooperative Research Network Smart Grid Demonstration Project Guide to Developing a Cyber Security and Risk Mitigation Plan Prepared by Evgeny Lebanidze Cigital 21351 Ridgetop Circle Suite 400 Dulles, VA 20166-6503 [email protected] 703-585-5047 for The National Rural Electric Cooperative Association’s Cooperative Research Network 4301 Wilson Boulevard Arlington, VA 22203 National Rural Electric Cooperative Association, Copyright 2011 2 The National Rural Electric Cooperative Association The National Rural Electric Cooperative Association (NRECA), founded in 1942, is the national service organization supporting more than 900 electric cooperatives and public power districts in 47 states. Electric cooperatives own and operate more than 42 percent of the distribution lines in the nation and provide power to 40 million people (12 percent of the population). The Cooperative Research Network (CRN) is the technology research arm of NRECA. ©Guide to Developing a Cyber Security and Risk Mitigation Plan Copyright © 2011 by National Rural Electric Cooperative Association. Legal Notice This work contains findings that are general in nature. Readers are reminded to perform due diligence in applying these findings to their specific needs as it is not possible for NRECA to have sufficient understanding of any specific situation to ensure applicability of the findings in all cases. Neither the authors nor NRECA assumes liability for how readers may use, interpret, or apply the information, analysis, templates, and guidance herein or with respect to the use of, or damages resulting from the use of, any information, apparatus, method, or process contained herein.
    [Show full text]
  • Trade Facilitation and Security
    Trade Facilitation and Security Andrew Grainger Lecturer in Logistics and Supply Chain Management Nottingham University Business School Room B37; [email protected] Andrew Grainger, 'Trade Facilitation: A Conceptual Review' (2011) Journal of World Trade , 45, 1, pp. 39–62 © Andrew Grainger Page: 1 The Plumbing of International Trade • Trade facilitation looks at how procedures and controls governing the movement of goods across national borders can be improved to reduce associated cost burdens and maximise efficiency while safeguarding legitimate regulatory objectives. • To most practitioners trade facilitation is simply about cutting red-tape in international trade and making trade procedures more efficient Page: 2 Exporting Country Transiting Country Importing Country Customs: Customs: Customs • export declaration • unless there is a transit agreement traders will •Import declaration; many countries also require have to make a transit declaration upon entry, pre-notifications and authorisations Domestic Transit arrange for a financial transit security (bond), •Additional procedures frequently apply for lodge a transit declaration upon exit and request Tariff Quota and Import Licences moving goods from seller’s premises to the for the security to be returned •Application, receipt, payment of fees, queue at border •In some countries inspection on entry and exit government office, attach licence to import can be frequent; others may just check transit declaration, keep a record of quota amount used seals Export Licences (many different line ministries) •Requirements for these can be prolific, Sanitary and Phytosanitary Commercial Procedures especially in developing countries • certain types of goods may be subject to •arrange contract with seller, agree Incoterms, •Application, receipt, fees, queue at government sanitary and phytosanitary requirements contract with transport and logistics companies, office, attach licence to import declaration arrange for payment for goods (e.g.
    [Show full text]
  • Business Leader Strategies That Fulfill Corporate Social Responsibility
    Walden University ScholarWorks Walden Dissertations and Doctoral Studies Walden Dissertations and Doctoral Studies Collection 2020 Business Leader Strategies that Fulfill Corporate Social Responsibility Franklyn Abraham Walden University Follow this and additional works at: https://scholarworks.waldenu.edu/dissertations Part of the Business Commons This Dissertation is brought to you for free and open access by the Walden Dissertations and Doctoral Studies Collection at ScholarWorks. It has been accepted for inclusion in Walden Dissertations and Doctoral Studies by an authorized administrator of ScholarWorks. For more information, please contact [email protected]. Walden University College of Management and Technology This is to certify that the doctoral study by Franklyn Abraham has been found to be complete and satisfactory in all respects, and that any and all revisions required by the review committee have been made. Review Committee Dr. Lisa Cave, Committee Chairperson, Doctor of Business Administration Faculty Dr. Janie Mayo, Committee Member, Doctor of Business Administration Faculty Dr. Gwendolyn Dooley, University Reviewer, Doctor of Business Administration Faculty Chief Academic Officer and Provost Sue Subocz, Ph.D. Walden University 2020 Abstract Business Leader Strategies that Fulfill Corporate Social Responsibility by Franklyn Abraham MS, University of North Texas, 2015 BS, Prairie View A&M University, 1997 Doctoral Study Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Business Administration Walden University February 2020 Abstract Ineffective corporate social responsibility (CSR) strategies harm the organizational brand, reputation, and financial growth. Business leaders who lack strategies to achieve CSR initiatives risk the profitability of their organizations. Grounded in stakeholder theory, the purpose of this qualitative multiple case study was to explore CSR strategies leaders of small and medium sized enterprises (SMEs) use to sustain profitability.
    [Show full text]
  • 10 Considerations for a Cloud Procurement
    10 Considerations for a Cloud Procurement March 2017 © 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. Amazon Web Services – 10 Considerations for a Cloud Procurement Contents Purpose 2 Ten Procurement Considerations 2 1. Understand Why Cloud Computing is Different 2 2. Plan Early To Extract the Full Benefit of the Cloud 3 3. Avoid Overly Prescriptive Requirements 3 4. Separate Cloud Infrastructure (Unmanaged Services) from Managed Services 4 5. Incorporate a Utility Pricing Model 4 6. Leverage Third-Party Accreditations for Security, Privacy, and Auditing 5 7. Understand That Security is a Shared Responsibility 6 8. Design and Implement Cloud Data Governance 6 9. Specify Commercial Item Terms 6 10. Define Cloud Evaluation Criteria 7 Conclusion 7 Page 1 Amazon Web Services – 10 Considerations for a Cloud Procurement Purpose Amazon Web Services (AWS) offers scalable, cost-efficient cloud services that public sector customers can use to meet mandates, reduce costs, drive efficiencies, and accelerate innovation.
    [Show full text]
  • Data Privacy in Business Process Management Organizations
    Data Privacy in Business Process Management organizations. Business Process Management (BPM) organizations that conduct outsourcing and transformation business in a transnational environment face a multitude of challenges related to the privacy and protection of their client’s confidential and sensitive information. Globalization of data through cross border data flows, enablement of multi-shore data processing through interconnected networks and virtual technology architectures, diverse global geographies environments and cultures, industry specific regulations and stringent contractual requirements; all continue to influence the usage and protection of individual’s Personal Information (PI) in this global business environment. Global BPM organizations are required to maintain compliance across all the three dimensions: with the laws of the land across the geographies in which they operate globally such as UK DPA & Indian IT Act, with the industry specific regulations, such as GLBA, HIPAA, HITECH that they operate in and with client’s legal binding contractual obligations. There is an increasing need therefore for these organizations to have a comprehensive Information Security Management System (ISMS) and Data Privacy (DP) Framework to adequately protect various forms of personal and confidential data that is part of their multi-shore business operations. A robust Information Security and Data Privacy program should address the information lifecycle phases in its entirety (collection, use, sharing, disclosure, retention and disposal) in its entirety. Some of the most important factors in driving such programs successfully are to establish cross- functional & multi-disciplinary teams, establish senior management sponsorship, periodic governance with the internal stakeholders & with the clients counterparts and promote the awareness of the program by embedding it culturally into the organization’s core fabric.
    [Show full text]