IT-GRC

Corporate Governance, Risk Management and Compliance (GRC) is a comprehensive approach to managing corporate processes and risk. In addition to applying this approach, hms also specializes in the IT-GRC approach to managing technological IT and cyber risk, which focuses on managing IT technology, cyber, information security and operational risk.

This latter approach looks at the organization’s IT technologies through two prisms: optimizing workflows and minimizing the risk created by IT systems on the one hand, and reviewing the processes by which IT systems are set up and maintained on the other – understanding that such processes bear an inherent risk which must also be managed. hms is a pioneer in applying IT-GRC and has led this field in the Israeli market for many years.

Our Impact

Owning the process, controlling the risk

hms’s IT-GRC Division provides a range of services, primarily the analysis and management of core threats and risks generated by organizational workflows. The purpose of these services is to help organizations reduce the likelihood of threats materializing, whether they result from errors or from deliberate exploitation of loopholes by internal or external parties.

We strongly believe that a proactive approach must be applied to risk management. The purpose of this approach is to effectively contain threats, identify potential exposures and implement controls which minimize risk – all in accordance with the organization’s risk appetite.

Cyber risk management focuses on protecting the organization’s information assets, placing particular emphasis on safeguarding the credibility, accessibility and confidentiality of information. It covers managing risk during the development of new systems as well as during system maintenance after go-live.

Our teams have the expertise, knowledge and experience to select the most suitable approach for assessing and mitigating risk. This, coupled with our ability to develop and implement effective risk management plans, provides our clients with a complete solution tailored to the organization’s unique requirements and challenges.

Our Coverage

The range of our services

Drafting a Risk Management Policy and Formulating Workflows

We assist organizations in understanding and defining their “risk appetite” and, in accordance with it, in drafting a comprehensive risk management policy. Such a policy would include, inter alia, definitions of the roles of management and of key position holders, and of workflows and processes that match the risk appetite that was set.

Risk Surveys and Work Plans

We outline the organization’s main workflows (operational, cyber and IT) and analyze the exposures inherent in these processes. We carry out an in-depth analysis of existing mechanisms and controls and, together with decision makers within the organization, calculate the level of residual risk based on the risk to which the organization is exposed.

Advice to Organizations Regarding ISO 27001

We assist organizations in implementing and complying with ISO 27001, the international standard for information security management systems covering information security, cybersecurity and privacy protection. We do this by working closely with the organization, examining the information management tools and audits already in place, and then locating vulnerabilities and loopholes. We then provide guidance and support to ensure adherence to the rules of proper information management until compliance with the requirements of the Standard is achieved.

Cyber Compliance Checks and Reviews

Our team of professionals conducts surveys to measure compliance with the YAHAV – Israel National Digital Agency’s Index for government offices. The survey assesses a government office’s level of protection against cyber threats by evaluating the readiness and effectiveness of its IT systems in defending against the cyber threats these offices face. The survey results provide valuable insight into the office’s overall security posture, expose vulnerabilities and loopholes, and help in deciding on and taking the measures necessary to raise security levels.

Compliance Surveys and Minimizing Gaps

In most sectors, organizations are subject to Acts and regulations that are updated frequently. Compliance with the requirements of these Acts and regulations is a prerequisite for being granted licenses and permits by supervisory bodies, and failure to comply exposes organizations to sanctions imposed by those bodies. Compliance surveys are conducted to ensure that organizations meet regulatory requirements. These surveys review all Acts and regulations with which the organization is required to comply and compare them with the organization’s current conduct.

Our teams specialize in carrying out compliance surveys for organizations in various sectors – banking, credit companies, capital markets, fintech companies, insurance and pension companies, the government sector and more. Alongside the surveys, we assist organizations in implementing a culture of compliance by updating workflows, drafting practice directions and more.
