Approch

Nokia was using RSA Archer platform for only Incident Management purposes. We developed full scale GRC Program with several sub-components and processes to increase maturity, automation and integration of related processes.

3 year implementation roadmap with agile methodology is applied using RSA Archer Platform driven by the GRC Program objectives. Solutions categorized under 5 themes (Risk, Privacy, Corporate/Information Security, Legal & Compliance and Technical) which include several processes within.

Our Solution

We used a merged methodology from OCEG GRC Capability and Forrester GRC Handbook as a base to Nokia GRC Program. It had a structured approach and components such as GRC Charter that includes the business case, role and responsibilities, GRC short and long term vision and mission. It also included strategy planning, technology enablement,  financial sub-plan, implementation sub-plan, communication and reporting sub-plan, training sub-plan and continuous improvement cycle with benchmark and KPI measurements.

The Result

Nokia is currently having over 20+ processes implemented in RSA Archer Platform supporting privacy, security, risk, health & safety, vendor risk, product security, compliance and business continuity. And involving other value protection domains, improving existing processes or alignment with business objectives are all managed over a well-structured GRC Program and 3 year strategy roadmap.