CLOUD TRANSFORMATION PROGRAMS (CTPS) IN TODAY’S GRC WORLD 
Process-Oriented Framework 
By: Ahmed Ragab 
September 2014
Professional Advice 
This paper, including all concepts and frameworks, is provided for general information and practice guidance purposes only. Users of this document are encouraged to apply the presented concepts and framework with a thorough understanding of their general application. Where an organization’s industry calls for a more specific framework or special controls, it is advised to customize the controls to that industry’s parameters; the concept itself stays valid across industries. For any further inquiry or contribution, you can contact the author to help improve it further.
What’s inside? 
The Cloud Transformation Program (CTP) framework, GRC alignment with Cloud Transformation, the benefits of a GRC assurance model for CTP, the CTP’s full cycle, and the concerns of different stakeholders in any CTP.
Who shall read this? 
Cloud Transformation Project/Program (CTP) Managers, IT GRC Officers, Change Managers, CTOs, CIOs, CISOs, IT Auditors, Cloud Computing Architects, and any other stakeholder involved in a Cloud Transformation Program.
TABLE OF CONTENTS 
Wide Spectrum 
Introduction 
Why Organizations consider CTP within a Compliance Framework? 
CIO, CISO, Board and Compliance Concerns! 
GRC Impact on Cloud Transformation Programs 
Cloud Transformation Program (CTP) Framework
WIDE SPECTRUM
Today’s business dynamics urge all organizations to adopt more flexible platforms, whether in management processes or IT infrastructure. Enterprises have started to recognize the faster rate of transformation programs needed to accommodate business needs. Customers cannot wait any more. Operational staff need a business-driven, objectives-oriented, flexible work environment built on dynamic technology infrastructure. Investors are keen on how investments are allocated, as usual! And finally, risk and compliance governors have their own call to accommodate such a topology and securely maintain the organization’s momentum.
Changing from normal IT-centric operations to more flexible, services-oriented, on-demand IT services has become a key factor when applying effective investment calculations. As a result, the Cloud Transformation Program (CTP) has risen to the top of enterprises’ key transformation programs. However, such programs shall not be designed with a focus on technology parameters alone; they also need the complementary support of mature processes and compliance controls to ensure a smooth, compliant transformation.
INTRODUCTION
Cloud Transformation Program (CTP) is not just a strategic change management move for enterprises; it is a turn-key, pivotal change management program that covers all aspects of the organization: people, processes, technology, suppliers, behavior, etc. Such a program normally runs as a capital project in the organization; accordingly, special attention should be paid to it from the governance, risk and compliance point of view. This holds regardless of the cloud deployment model: public, private, hybrid, or even community cloud.
This paper tackles the Cloud Transformation Program (CTP) from a process-oriented approach, to empower leading experts, architects and program managers to apply a full-fledged framework enriched with compliance pillars, i.e. GRC.
WHY ORGANIZATIONS SHALL CONSIDER CTP WITHIN A COMPLIANCE FRAMEWORK?
No doubt every IT Transformation Project has its own ICT controls that ensure the project’s success “technically.” However, tackling a CTP needs more assurance on enterprise-wide controls such as Governance, Risk, Compliance, and other operational controls. From this approach, a full-fledged compliance framework has been adopted to accommodate any CTP effectively. Figure 1 demonstrates the different components of CTP within a compliance framework.
During the roadmap of such a CTP, organizations need to adopt a comprehensive compliance framework to achieve the following:
IT Governance – by implementing all related ICT controls to ensure Confidentiality, Integrity and Availability of information across the organizational departments effectively.
IT Risk Management Controls – to identify, establish, and maintain risk governance with an integrated view of the overall Enterprise Risk Management (ERM). This leads to evaluating risks as well as responding to them.
Compliance – aligning the entire CTP with the enterprise compliance indicators and checklists in order to maintain conformity with internal organizational requirements as well as those of external regulatory bodies.
Assurance – by establishing the key controls for implementing the CTP on different levels: project management framework, people-related controls, technology-related controls and process-related controls.
Aligned IT Services Management Processes – since implementing such a program impacts different aspects of the ICT organization, IT Services Management has to be aligned (or established, if it has not been identified before) with the dynamics and complexity of the running CTP. IT Services Management processes are very critical and can change dramatically when an organization transforms from a centralized IT organization to a cloud-based environment.
Process Reengineering – organizations may need to reconsider business process reengineering, where a lot of manual operations could be automated and some manual controls will be swapped. In addition, some new processes could be released to support the new cloud operations and functionalities.
Information Security – given the special nature of the cloud environment, considerable information security controls shall be implemented and audited to assure information privacy and to control any breach. Within the compliance model mentioned above, InfoSec is considered the core technical compliance area, with the most critical applied controls.
Project/Program Management – the mentioned compliance model will integrate smoothly with the entire set of project management processes, since we will rely heavily on many PM pillars such as scoping, change management, risks, quality, integration, etc.
CIO, CISO, Board and Compliance Concerns!
Budget-wise, we are in trouble! This only happens when we talk about the ROI of a Cloud Transformation Program (CTP) from a narrow dimension, that of a technology solution. Accordingly, tackling such a transformation program shall consider the concerns of different stakeholders in order to reach benefits realization. The following figure summarizes the main concerns of the leading stakeholders in any CTP:
GRC Impact on Cloud Transformation Programs 
GRC models have been progressively improved up to the GRC Capability Model proposed by OCEG. That said, if we adopt this GRC model as the principled-performance basis for assuring a successful cloud transformation program, it comes with the following assured benefits:
• Mature processes definitions
• Reliable processes assessment
• Robust controls
• Dynamic process change
• Agile framework for future processes scalability
• Compliance management
• Quantitative and qualitative performance indicators
• Service quality
• Reliable CAPEX, OPEX and TCO calculations
• More visibility and applicability of Chargeback and Showback
• Time-to-market
• Envisioning roadmap
• Business integrity
• People development and awareness
CLOUD TRANSFORMATION PROGRAM (CTP) FRAMEWORK
The following framework merges different conceptual frameworks to come up with a full-fledged CTP with compliance tools across the Cloud Transformation Milestones.
Discovery Phase – a thorough understanding of the organization is the first milestone, where we consider the four main pillars of understanding (People, Process, Technology, Project Management Framework). This covers all of the organization’s assets under those pillars, such as competency levels, identified and implemented processes, existing applications and technology environment, and the maturity levels of the different project management processes.
Analysis Phase – this phase represents a demarcation stage between the different pillars and prepares for the next levels of understanding, connecting information and perceptions together in order to come up with mature assessment views. From this stage, we can also come up with the business case and recommendation for stakeholders’ approval.
Design Phase – building a conceptual framework for the implementation, operations and maintenance, and sustainability model is the state of the art, where the architects invest a lot of time and effort to present a comprehensive integrated model for the cloud model and the deployment option.
Implementation Phase – the hardest stage, delivering the baby: selecting the right solution, implementer and resources, and the right time to start the implementation, with considerable attention to time-to-market.
Monitoring and Evaluation Phase – the time to measure expectations on different levels: applications’ features, performance, integrity, security, reliability, flexibility, agility, etc.
Continual Improvement Phase – the payback time! Users start to progress maturely inside the new cloud environment, so more services can be configured and some Chargeback processes will be triggered to show the IT Business Value.
All the phases mentioned above shall be designed and supported by reliable KPIs with GRC compliance features. This will be released in the next white paper.
About the Author 
Ahmed Ragab, Consulting Services Manager at Panorama Consulting and Business Solutions, is the author of this conceptual framework. 
Ahmed is a hands-on, experienced process reengineering professional with diversified implementation experience in Information Security Management Systems, IT Governance, IT Risk Management, IT Audit and Restructuring Programs. He has formulated many implementation and process assurance frameworks.
Inspired by the GRC model of principled performance and an articulated Cloud Transformation Framework, this integrated CTP framework has been formulated in line with GRC pillars.
For any feedback or inquiry, please contact:- 
Ahmed Ragab, MSc, ISMS-LA 
Consulting Services Manager 
Panorama Consulting and Business Solutions 
aragab@panoramacbs.com 
+965 - 60036963
