For a program to be effective, it must demonstrate robust features in accuracy, usage, and performance. For the initial phase of this program, I started by reviewing last year’s material and contacting the people involved. Meetings were conducted directly with the coordinators to find out what worked and what didn’t in the past years’ assessments. Many had the same observation on issues that could be improved upon.
The compliance matrix is the source of record for this step of the GLBA process. The document demonstrates the capabilities of the company’s IS structure and how it aligns to the GLBA requirements. Each Citi policy, standard, and guideline that aligns the IS programs to GLBA requirements …
It must be updated with changes that occur from year to year. Any policy, standard, or guideline used to demonstrate the company’s IS capabilities must be referenced and documented in the compliance matrix. The SPG team reviews each reference in the document, makes changes as necessary, and then sends the updated document to the compliance team. Once the compliance team has reviewed and validated the document, it provides its endorsement so the document can be submitted for final approval.
In conjunction with the compliance matrix process, the SPG team works with the coordinators to make sure they have identified the correct people to sign off on the compliance matrix. The process requires a minimum of two approvals for each business: the first from the BISO and the second from the Sector Head. The coordinators provide the updated list of people to the SPG team.
Since the compliance matrix document is the source of record for the whole process, it must be approved by the ISROC committee before it can be distributed to the coordinators. The approved compliance matrix, along with the coordinator, BISO, and Sector Head identification list, is presented to the ISROC committee for …
Many hours are consumed working with new coordinators, fixing the Archer tool, and monitoring the process.
5.2 Coordinator Role
The coordinators play an important role in the GLBA process. Since this is a global company effort, there are many regions and businesses that must be accounted for and documented during this process. The coordinators are the people who obtain the signatures for the compliance matrix for the regions in scope.
After receiving the approved matrix from the SPG team, the coordinators work to obtain the signatures from the appropriate people. The first approval comes from the BISO of the business, and the final attestation comes from the regional Business Head of that specific region. The coordinators do all of the work of obtaining the signatures from the BISOs and Sector Heads in their respective regions. The difficult process is getting time with the BISO and the Sector Heads to review the matrix and obtain their