My main focus is on regulated industries such as Pharma, Financial Services and Energy – in particular on regulatory compliance
Enabling a stronger position on cyber security
(regulatory compliance)
Business context
My client was facing external regulatory requirements within cyber security. The requirements had to be met within a given timeline; if they were not, my client could face significant fines.
Objectives
A stronger and clearer position on cyber security and regulatory compliance was needed (NIS2, ISO 27001 and 27019, UK NIS CAF) – 2 different initiatives for the same client.
Meet the ISO certification requirements and the UK NIS CAF basic profile as required by external authorities.
Build a stronger anchoring of quality management and regulatory compliance in the daily work across the delivery teams.
Approach
- Close cooperation with Operations and IT executives.
- An assessment of the current cyber security posture and key risks was made as the basis for risk mitigation.
- Re-staffing was initiated and the work was organised to be as executable and efficient as possible.
- Clear roles and responsibilities were defined and anchored. The new model was matured step by step in close cooperation with the new hires for the compliance team and other key roles.
- Confidence was built step-by-step. Uncertainty and frustrations were handled actively.
Outcome
ISO 27001 and 27019 certification was obtained for the legal entities in scope and within the timeline required by external authorities.
The UK NIS CAF basic profile was met for the legal entities in scope and within the timeline required by external authorities.
NIS2 compliance was enabled by strengthening the quality and compliance setup for the functions in scope and by ensuring risk-based prioritisation of cyber security initiatives.
Re-activating the HR programme
Business context
A global HR programme was critical to adapt to a new and more global business context.
First go-lives were approaching fast and the target was to keep the first deadlines.
Objectives
Re-design and roll out all major HR business processes to work in a global context across all entities.
Design and implement a new global HR IT platform based on the revised global HR processes.
Approach
- Close cooperation with HR executives.
- An assessment of the potential and the pain points was made quickly.
- Replanning was conducted in which both timeline and cost were revised.
- The first go-lives were kept as planned.
- Clear roles and responsibilities were agreed.
- New roles were introduced.
- The programme mindset was gradually changed.
- Uncertainty and frustrations were handled actively.
Outcome
The revised global HR processes were implemented on a per-process/module go-live schedule.
The agreed timeline was met, and the programme came in below budget.
GDPR programmes in the pension and the pharmaceutical industries
Business context
GDPR was being introduced and the uncertainty of how to handle this new legislation was significant. Little concrete legal guidance was available.
There was a clear business objective to be compliant at the effective date.
Objectives
Understand the GDPR as legislation and design its implementation across the organisation.
Enable the organisation to meet the GDPR requirements through competency development and an operating model.
Approach
- Active involvement of top management and alignment with expectations from board of directors.
- A high-level, company-wide assessment of the scope was conducted across data, governance, business processes, IT systems and third-party providers, to support risk assessment, clear prioritisation and agreement on the approach.
- A communication and training strategy was designed and followed to make it easier for employees to adopt this new mindset.
- Projects were designed and run to implement the requirements effectively in the relevant business areas.
Outcome
Successful introduction of this new mindset for how to protect personal data in a global company. A lift of compliance maturity in the impacted business areas.