News
15 September 2021
News
Готово!
Скоро материал придет на указанную электронную почту. Также подписывайте на нас в Facebook
Ok
Complance policy companies
The main goal of ICL Services is to provide high quality IT services to customers while ensuring data security and continuous availability of service. As long as these conditions are met our customers should get the expected value from us as they go about completing their tasks. Asel Atakhanova, the head of the internal audit group at ICL Services, talks about the compliance policy of IT companies in the domestic market.
- Asel, what would you call the traditional and most common ways in which IT companies operate?
- Compliance in the IT sector has evolved from the classic financial and legal compliance imposed by shareholders and regulators through antitrust and anti-corruption compliance, the need to abide by data privacy requirements (for personal data, business security, intellectual property) and the level of compliance depends on the maturity of the company and its partners.
- What activities does the compliance policy at your company include?
- At the moment, every user of global platforms such as Facebook, Google and Apple has to deal with the fact that they each have their own rules and policies that all users are expected to abide by or they will be blocked/blacklisted or even de-platformed entirely. Even children are learning digital etiquette and network security rules today. Business representatives are no exception here as they establish their own principles and management standards that take into account legal requirements and the demands of stakeholders. ICL Services is one of them: our main goal is to provide quality IT Services to our customers while ensuring data security and continuous availability of service.
As long as these conditions are met our customers should get the expected value from us as they go about completing their tasks.
In order to ensure delivery of top quality service to customers, ICL Services designs its business processes taking into account the requirements of the law, customers and stakeholders alike, training its staff and monitoring adherence to relevant requirements, introducing and maintaining management systems (in accordance with such international standards as ISO 9001, 14001, 20000, 27001).
It’s not enough to simply have one compliance department for this mechanism to work: in our company every business process owner/manager is responsible for the outcomes of their process/project and for improving their workflow, as well as for managing risks and problems that may arise as they go about implementing their project. A compliance manager first and foremost coordinates and supports the functioning of this mechanism.
Asel Atakhanova, the head of the internal audit group at ICL Services
For ICL Services having a properly functioning compliance and risk management system is not just an indicator of business maturity but is also an effective tool that enables the company to maintain and accelerate its growth rate. At the same time, the introduction and use of such tools must be simple and easy to understand so that the deployment of technologies aimed at improving business performance does not turn into a major hassle for the entire company.
Special attention in compliance policy is paid to ensuring information security. The level of trust in interaction with major customers in Russia and abroad depends to a large extent on how well ICL Service is able to manage information security. Incidents involving information security breaches may result in the loss of trust from both existing and prospective customers. Therefore, abidance by all information security rules is an integral part of all of our business processes.
Companies get information security requirements from the law, contractual obligations and other documented requirements of internal and external stakeholders.
Special attention is paid to the organisation of a compliance system for the protection of personal data. Abidance by the requirements of national laws guarantees security of personal data for both staff and customers. Seeing how the company offers services in a broad range of markets, including the EU, we’ve also implemented measures that ensure adherence to the EU’s General Data Protection Regulation.
The company uses a risk-oriented approach. All organisational and technology-based information security measures are implemented after risk assessment, which is a continuous process at the company. The effectiveness of the information security management system is confirmed by an ISO\IEC 27001:2013 compliance certificate.
Since our staff are the main asset of the company, other important components of compliance include:
- And what new forms of compliance is the company adopting?
- We've continued to implement compliance policies even during the global COVID-19 pandemic. At the very start of the pandemic, we rather painlessly transitioned about 90% of our staff to remote working, thereby not only ensuring safety for our personnel but also abiding by the all the requirements of third parties (governments, customers, suppliers, contractors, international management standards). Meanwhile, some processes were moved online, such as interviewing job candidates, holding meetings, strategic sessions, workshops, project reviews with customers, provision of services, training, internal and even external audits. Documentation processing rules were revised. The success of the remote working project was achieved through well-coordinated effort of all the people involved in it. This allowed us to take into account the maximum number of external and internal requirements.
- Are there any know-hows you'd care to share with us? What did they help you achieve?
- The main achievement for ICL Services has been the deployment and use of the continuous improvement methodology that has not been simply imposed from the top but has been embraced by every employee. We're encouraging our colleagues to not only abide by business process requirements and the legal requirements of our customers, but to do it in the best possible way and if something goes wrong, we encourage our staff to respond immediately, identify the causes of non-conformances and take corrective action. Our staff view internal audits not as some inspection to get through and forget about but as an opportunity to have their processes evaluated by an independent party and get recommendations on how they can be improved. To that end, any department or project can request an internal audit.
Thus, we've made it easy for our staff to get consultations if they have any questions (via our compliance email address) or if they find some non-conformances (the red button on the corporate portal that any employee can click and a compliance officer will get in touch with them and organise a confidential enquiry). In addition, we have a compliance email address for our customers and suppliers and anyone who interacts with our company where they can submit reports about violations.
Thus, all company employees as well as partners and customers are involved in the compliance effort, minimising and preventing risks of violations of policies, business process documents, customer requirements, and minimising the impact of risks on the company's operations and financial performance while ensuring top quality of service to meet customer expectations.
- Which trends in the IT market would you note as having to do with compliance policy? Do you have any expectations of how compliance is going to evolve in IT companies.
- Compliance related trends in the IT sector that are worth mentioning include:
1) Development of new technologies such as artificial intelligence, machine learning, data analytics, the transition of business online, wider adoption of cloud based technologies and a number of other factors are making it necessary to pay more and more attention to information security compliance.
2) Given the wide use of internet technologies and the ever increasing role of social media and news aggregators, reputational risks are increasing: any ethical or legal violations can be critical for a company. So I think we’re going to see a lot of demand for IT services related to content monitoring, including services that utilise AI.
3) New opportunities are merging in remote compliance monitoring and remote audits: IT companies are going to be offering new platforms to take advantage of these opportunities.
In summary, I can say that we’re probably going to see fast growth among those IT companies that manage to adapt to the new realities and business requirements given the post-pandemic cutting of budgets and decline in demand for some IT services, as well as among those who are able to manage their risks effectively.
- Thank you very much for your time!
- Compliance in the IT sector has evolved from the classic financial and legal compliance imposed by shareholders and regulators through antitrust and anti-corruption compliance, the need to abide by data privacy requirements (for personal data, business security, intellectual property) and the level of compliance depends on the maturity of the company and its partners.
- What activities does the compliance policy at your company include?
- At the moment, every user of global platforms such as Facebook, Google and Apple has to deal with the fact that they each have their own rules and policies that all users are expected to abide by or they will be blocked/blacklisted or even de-platformed entirely. Even children are learning digital etiquette and network security rules today. Business representatives are no exception here as they establish their own principles and management standards that take into account legal requirements and the demands of stakeholders. ICL Services is one of them: our main goal is to provide quality IT Services to our customers while ensuring data security and continuous availability of service.
As long as these conditions are met our customers should get the expected value from us as they go about completing their tasks.
In order to ensure delivery of top quality service to customers, ICL Services designs its business processes taking into account the requirements of the law, customers and stakeholders alike, training its staff and monitoring adherence to relevant requirements, introducing and maintaining management systems (in accordance with such international standards as ISO 9001, 14001, 20000, 27001).
It’s not enough to simply have one compliance department for this mechanism to work: in our company every business process owner/manager is responsible for the outcomes of their process/project and for improving their workflow, as well as for managing risks and problems that may arise as they go about implementing their project. A compliance manager first and foremost coordinates and supports the functioning of this mechanism.
Asel Atakhanova, the head of the internal audit group at ICL Services
For ICL Services having a properly functioning compliance and risk management system is not just an indicator of business maturity but is also an effective tool that enables the company to maintain and accelerate its growth rate. At the same time, the introduction and use of such tools must be simple and easy to understand so that the deployment of technologies aimed at improving business performance does not turn into a major hassle for the entire company.
Special attention in compliance policy is paid to ensuring information security. The level of trust in interaction with major customers in Russia and abroad depends to a large extent on how well ICL Service is able to manage information security. Incidents involving information security breaches may result in the loss of trust from both existing and prospective customers. Therefore, abidance by all information security rules is an integral part of all of our business processes.
Companies get information security requirements from the law, contractual obligations and other documented requirements of internal and external stakeholders.
Special attention is paid to the organisation of a compliance system for the protection of personal data. Abidance by the requirements of national laws guarantees security of personal data for both staff and customers. Seeing how the company offers services in a broad range of markets, including the EU, we’ve also implemented measures that ensure adherence to the EU’s General Data Protection Regulation.
The company uses a risk-oriented approach. All organisational and technology-based information security measures are implemented after risk assessment, which is a continuous process at the company. The effectiveness of the information security management system is confirmed by an ISO\IEC 27001:2013 compliance certificate.
Since our staff are the main asset of the company, other important components of compliance include:
- Labour compliance (new employees are hired in a competitive procedure, all labour laws are strictly adhered to, new hires are offered assistance in adaptation and training, there are numerous incentive schemes and employee certification programmes etc.);
- And what new forms of compliance is the company adopting?
- We've continued to implement compliance policies even during the global COVID-19 pandemic. At the very start of the pandemic, we rather painlessly transitioned about 90% of our staff to remote working, thereby not only ensuring safety for our personnel but also abiding by the all the requirements of third parties (governments, customers, suppliers, contractors, international management standards). Meanwhile, some processes were moved online, such as interviewing job candidates, holding meetings, strategic sessions, workshops, project reviews with customers, provision of services, training, internal and even external audits. Documentation processing rules were revised. The success of the remote working project was achieved through well-coordinated effort of all the people involved in it. This allowed us to take into account the maximum number of external and internal requirements.
- Are there any know-hows you'd care to share with us? What did they help you achieve?
- The main achievement for ICL Services has been the deployment and use of the continuous improvement methodology that has not been simply imposed from the top but has been embraced by every employee. We're encouraging our colleagues to not only abide by business process requirements and the legal requirements of our customers, but to do it in the best possible way and if something goes wrong, we encourage our staff to respond immediately, identify the causes of non-conformances and take corrective action. Our staff view internal audits not as some inspection to get through and forget about but as an opportunity to have their processes evaluated by an independent party and get recommendations on how they can be improved. To that end, any department or project can request an internal audit.
Thus, we've made it easy for our staff to get consultations if they have any questions (via our compliance email address) or if they find some non-conformances (the red button on the corporate portal that any employee can click and a compliance officer will get in touch with them and organise a confidential enquiry). In addition, we have a compliance email address for our customers and suppliers and anyone who interacts with our company where they can submit reports about violations.
Thus, all company employees as well as partners and customers are involved in the compliance effort, minimising and preventing risks of violations of policies, business process documents, customer requirements, and minimising the impact of risks on the company's operations and financial performance while ensuring top quality of service to meet customer expectations.
- Which trends in the IT market would you note as having to do with compliance policy? Do you have any expectations of how compliance is going to evolve in IT companies.
- Compliance related trends in the IT sector that are worth mentioning include:
1) Development of new technologies such as artificial intelligence, machine learning, data analytics, the transition of business online, wider adoption of cloud based technologies and a number of other factors are making it necessary to pay more and more attention to information security compliance.
2) Given the wide use of internet technologies and the ever increasing role of social media and news aggregators, reputational risks are increasing: any ethical or legal violations can be critical for a company. So I think we’re going to see a lot of demand for IT services related to content monitoring, including services that utilise AI.
3) New opportunities are merging in remote compliance monitoring and remote audits: IT companies are going to be offering new platforms to take advantage of these opportunities.
In summary, I can say that we’re probably going to see fast growth among those IT companies that manage to adapt to the new realities and business requirements given the post-pandemic cutting of budgets and decline in demand for some IT services, as well as among those who are able to manage their risks effectively.
- Thank you very much for your time!
Related news
- 19 September
Realpolitik in Corporate Charitable Works
As a basis of charitable works, Realpolitik gives special advantages. What advantages – we can see on an example of ICL Services .
Contact us
Leave information about yourself and your company to get a detailed presentation.