In this episode, The Kitchen looks at the upcoming EU’s mandatory supply chain due diligence Directive that will likely apply to all business operating in the European Union market.
Day: June 21, 2021
Alan Gibson is the current Director of Legal and Compliance Innovation at Microsoft and is Tom Fox’s first guest on Microsoft Week at the Innovation in Compliance podcast. Alan has worked in various fields – from legal to compliance to business. He’s a thought leader and currently involved in helping companies manage compliance risks and measure program effectiveness. He and Tom discuss his role at Microsoft and what companies need to be thinking about in the future with respect to legal compliance.
Data Analytics in Microsoft
Tom asks Alan to explain how Microsoft implements its data analytics program for compliance. Alan responds that the focus was on first identifying which sales agreements and channel partners posed the most corruption risk to Microsoft. “Our compliance team partnered closely with our finance internal audit and our business team to figure out how we could use the data that we were collecting in our sales contracts and from our third parties to create this early warning and monitoring system to identify which contracts needed to be routed for additional compliance oversight,” Alan tells Tom. The business unit and frontline salespeople were then able to use this data to prove to the business leaders at Microsoft that they were identifying risky sales contracts, and this program was built into the business process to manage risky sales.
Challenges in Legal Compliance Innovation
One of the big challenges surrounding legal compliance innovation is helping individuals understand its ecosystem, Alan remarks. Another challenge is that delivering compliance solutions requires stakeholders. “It goes to working with law firms, working with compliance consultants, alternative legal service providers, legal tech vendors, and really helping people understand how all of this ecosystem works together to address these challenges,” he tells Tom. There is also the cultural challenge in that legal services have lagged behind finance and HR and their digital transformations.
What’s Next
Companies have to think about the direction they want their legal departments to go and what steps they have to take to get them there. “They need the greatest contract lifecycle management system,” Alan tells Tom. Companies have to consider whether the decisions they make will allow them to have the capabilities they want in the coming years. “…It’s people, process, and technology; you have to think about your solutions or where you want to go on your digital transformation across all three of those dimensions,” Alan says.
Tomorrow’s guest on Microsoft Week is Abbas Kudrati, Chief Cybersecurity Advisor for Microsoft Asia’s Enterprise Cybersecurity Group. Abbas and Tom will be talking about innovating cybersecurity.
Resources
Alan Gibson | LinkedIn
Episode 067 — Nicolai Ellehuus
In this episode of The Ethics Experts, Nick welcomes Nicolai Ellehuus, Bang & Olufsen Global Compliance Officer, to the show.
Jenna Water’s time in the US Navy equipped her with sophisticated skills she now finds invaluable in her work as Cybersecurity Consultant at True Digital Security. She joins Tom Fox and Valerie Charles on this episode of ComTech to talk about how the cybersecurity industry is evolving, her vision to end security breaches, and what she thinks about President Biden’s executive order on cybersecurity.
Putting Corporate America on Notice
“I think businesses – particularly those that work in industries regarded as critical infrastructure, obviously because of the Colonial Pipeline hack – …a lot of them know now that they’re on notice,” Jenna tells Tom and Valerie. Recent cybersecurity attacks as well as the rise in ransomware, have driven home the need for good cybersecurity. These attacks not only impact businesses but are now tangibly affecting the lives of everyday citizens. Jenna believes this is sparking change in the industry, as the government, companies, and even the general public are taking cybersecurity more seriously.
End Security Breaches
Tom comments that his clients are now asking about their information security program, something they weren’t concerned about before. He asks Jenna how she would advise a company to start thinking about this issue. She outlines the steps her company takes to help their clients create a customized cybersecurity program. “…By prioritizing your risk, that’s how you can develop a more tailored cybersecurity program,” she points out. She and Tom discuss her vision of ending security breaches overall. She remarks, “For me, ending security breaches is a vision of the future in which a security breach can be detected, identified, and contained effectively… It’s not allowing a security incident to go to the point of a security breach… and it doesn’t affect or impact the organization or public in any significant way other than maybe the time it takes to contain it.”
Improving Cybersecurity with Data
“When you’re trying to combat this kind of breach, how do you use data?” Valerie asks Jenna. “Cybersecurity is actually one of the best areas in technology where it can be very data-driven,” Jenna responds. Data can help you build a threat profile and come up with an action plan to combat threats. Analyzing recent and past data can help you establish an operational baseline, and in turn recognize deviations from the norm. It can also help you identify gaps and vulnerabilities in your organization. There’s also the global perspective: gathering and analyzing data on threat groups helps you recognize their patterns before they attack. However, don’t focus only on data and ignore basic psychology. Hackers are still just human beings and are “subservient to human behaviors and motivation,” Jenna reminds listeners.
Cyber Risk Assessment is for Everyone
“I think everybody could benefit from a risk assessment in terms of cybersecurity,” Jenna tells Valerie; businesses in critical industries should prioritize it. Generally, she recommends an annual assessment. However, it should also be done when there is a significant change in operations or in the direction of the business. She argues that leadership buy-in is imperative: “Leadership buy-in for an organization is paramount to the success of the cybersecurity team.”
Thoughts on Biden’s Executive Order
“Do you have any urgent or immediate thoughts on President Biden’s executive order on cybersecurity?” Valerie asks. Jenna responds that she is excited and on board with the order. “As cybersecurity professionals, we like to take advantage of every emergency,” she quips. It’s a positive step signaling that cybersecurity is seen as important at the highest levels of government. On the other hand, however, the executive order may not last after Biden’s term of office as it can be revoked by the next President. Additionally, only certain federal bodies are bound by the order.
Resources
Jenna Waters on LinkedIn
True Digital Security
In this Episode of the FCPA Compliance Report, I am joined by Mary Ann Faremouth, founder of Faremouth and Company and inventor of the Faremouth Method. She joins me to discuss her latest book Revolutionary Reinventionand what you can do for your career in this post-pandemic workplace. Highlights include:
- Her book “Revolutionary Reinvention” just won the First Place Non-Fiction Award by Authors Marketing International? Why she wrote this book and its intended market.
- Why is alignment with the new normal so critical now?
- The Faremouth Method and how it can the Faremouth Method help the graduates of 2021.
- As we move into the next phase of Covid-19, why are the topics you wrote about even more important?
Resources
Mary Ann Faremouth on LinkedIn
Faremouth and Company
Books by MaryAnn Faremouth:
Revolutionary Reinvention
Revolutionary Recruiting