LEADING WITH GRC. Common Controls Framework. Sundar Venkat, Sr. Director Technology Compliance Salesforce


Forward-Looking Statements. Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include but are not limited to risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter.
These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

Together, We're Building a Path Forward

- $2.39B Q1 FY18 revenue
- Innovator of the Decade, September 2016 (2009-2017)
- The world's most innovative companies (2011-2016)
- 25K employees
- $389B in GDP impact by 2020
- 2M jobs created by 2020

Source: IDC White Paper, sponsored by Salesforce, "The Salesforce Economy," August 2016

The Age of the Customer: Connect to your customers in a whole new way

- A Single View of the Customer
- Unified Commerce
- Intelligent Communities
- Actionable Analytics
- Predictive Marketing
- Smart Apps
- Conversational Service
- Connected Products
- Guided Sales

Who we are. What we do. How we do it. TECHNOLOGY COMPLIANCE

- Our Mission: Protect Customers, Protect Brand, Enable Growth
- Our Values: Trust, Growth, Enablement, People
- Partners: Infrastructure, GBO, Corp Dev, Trust, Legal, IT, Business Partners (Improve, Execute)
- Our Deliverables: Compliance for Core Certs; Design for 2020 (Maturity & Efficiency); Partnerships with the Business; Intake Process for New Certs; Sustain
- Elements of Trust: Trusted Security, Always On Availability, Performance at Scale, Global Data Centers, Compliance
- Certifications: SOX, SOC, PCI, FedRAMP, ISO, Japan Pmark, HIPAA, CJIS, Australia IRAP, UK Cyber Essentials, Germany TÜV, DoD

GRC Summit 2017 All Rights Reserved

Compliance Scalability Challenges

Salesforce continues to grow rapidly across various industries and geographies. The number of compliance frameworks, regulatory requirements and stringency continues to increase.

- We did not have a standardized baseline across compliance frameworks across various Salesforce services
- Certifications/audits occur throughout the year, causing audit fatigue to Business Partners
- Lack of consistency in evidence collection
- Inefficient control testing with no reuse of audit evidence
- Intake of new compliance frameworks cumbersome

Common Controls Framework (CCF) - Vision

Compliance Center: We are the global standard of excellence in internal audit, compliance and risk services. We enable the company's success.

1. Strengthen Governance: Secure Executive Commitments; Implement & Execute Governance Model; Drive Adoption & Enable Change Management
2. Streamline Audits: Align Audit Schedules; Consolidate Auditors; Streamline Evidence Gathering
3. Develop & Optimize Compliance Content: Develop CCF Approach; Integrate Risks into Framework; Complete Mapping & Develop Content
4. Transform Risk & Compliance Processes: Internal Controls Monitoring; Process Maturity Assessment; Mature Technology Risk Management Function
5. Implement Effective GRC & Tooling: Define Requirements; Evaluate & Select Vendor; Implement System; Training & Awareness

Ongoing: Consolidate Remediation Asks; Continuous Surveillance & Content Refresh; Continuous Process Improvements; Ongoing Maintenance

Legend: Activity Completed / Activity Underway / Planning

CCF Accomplishments

Highlights:
- CCF maintained on MetricStream
- Internal stakeholders involved: Tech Compliance, Engineering, Infrastructure, Information Technology, Security
- Scope: 17 frameworks; 5,128 requirements
- Final consolidated control count: 326
- Consolidation to Salesforce controls: 93%

Accomplishments:
- Created baseline of controls across compliance frameworks
- Minimized touch points with business partners and reduced audit fatigue
- Streamlined process and re-use of evidence across frameworks
- Optimized intake for new requirements
- Enabled embedded compliance across the company and more efficient compliance execution

CCF Change Management & Sustainability (roles: PwC, TC, BP, TC/BP)

1.0 Authoritative Source Monitoring: Identify changes to the compliance landscape
- Revisions or additions to existing framework requirements, e.g. PCI 3.1 to 3.2, or a new framework source
- Changed business context, i.e. new acquisitions, frameworks, products & services
- New, changed, or retired requirements, e.g. ISO, NIST, GDPR
- Changes during audit cycles (TC or External), i.e. Test Procedures, Evidence, Control Owners

2.0 Change Operations: Determine applicability and impact to the CCF content library
- Offline reviews
- Changed CCF data attributes
- Decision: Content refresh process required? Yes / No
- BP Signoff, TC Signoff

3.0 Content Refresh: Refresh the CCF Content Library
- New or updated common controls (Control and Audit Attributes), e.g. Control ID, Integrated Requirement, Control Implementation Statement
- TC Signoff; update in MetricStream

MetricStream Journey and Timeline

- System Selection (2015): Build vs. Buy; Vendor Selection: MetricStream
- Solution Design (Oct 2015 - Jan 2016)
- Process and Data Readiness (Jun 2016 - Aug 2016): Refine Requirements; Process Alignment; Data Harmonization
- Implementation:
  - Phase 1 - SOX & IT Compliance Modules (Nov 2016 - May 2017)
  - Phase 2 - IA and ERM Modules (May 2017 - Oct 2017)
  - Phase 3 - SOX & IT Compliance Enhancements (May 2017 - Jul 2017)
  - Phase 4 - SOX 3.0 SubCerts (May 2017 - Jun 2017)

Legend: Completed / Active

MetricStream capabilities in scope:
- Libraries
- Single Sign On
- HR System Integration
- Audit Planning/Scoping
- Testing
- Evidence Gathering
- Findings/Remediation
- Other System Integrations
- Email Escalations
- Internal Audit
- Enterprise Risk Management
- SOX Certifications

Thank You! Continue the conversation online #GRCSummit