Desarack Teso, JD/MBA - SEC · Desarack Teso, JD/MBA Legal Counsel, Digital Crime Unit Corporate,...

Post on 09-Oct-2020


Desarack Teso, JD/MBA, Legal Counsel, Digital Crime Unit

Corporate, External, & Legal Affairs

Today, no enterprise is an island because of market force demands and unprecedented technology disruptions

WHY? Market Forces

Consumers are enjoying the benefits of their digital lifestyle, and expect no less from their employers and businesses with which they interact

Any Time, Any Place, Any Device, Any Channel

Cloud computing allows enterprises to focus on value creation, while delegating capital-intensive and hard-to-manage IT infrastructure to specialists who are the best in the world

The first key advantage of cloud is security

Business Risk #1 - Cyberthreats

1. Extreme weather events

2. Natural disasters

3. Cyberattacks (#6 in terms of Impact)

4. Data fraud and theft

5. Failure of climate-change mitigation and adaptation

6. Large-scale involuntary migration

7. Man-made environmental disasters

8. Terrorist attacks

9. Illicit trade

10. Asset bubbles in a major economy

Top 10 risks in terms of Likelihood

Nearly all successful cyber-attacks start from avoidable human errors made by employees (or business partners)

A trusted cloud provider must respect….

Business Risk #2 -

Build a legal and compliance team and empower it to do the right thing

Cloud providers make unrivaled investments in…

Business Risk #3 -

HIPAA / HITECH Act, FERPA, GxP 21 CFR Part 11, Singapore MTCS, UK G-Cloud, Australia IRAP/CCSL, FISC Japan, New Zealand GCIO, China GB 18030, EU Model Clauses, ENISA IAF, Argentina PDPA, Japan CS Mark Gold, CDSA, Shared Assessments, Japan My Number Act, FACT UK, GLBA, Spain ENS, PCI DSS Level 1, MARS-E, FFIEC, China TRUCS, Canada Privacy Laws, MPAA, Privacy Shield, India MeitY, Germany IT Grundschutz workbook, Spain DPA, HITRUST, IG Toolkit UK, China DJCP

ITAR, Section 508 VPAT, SP 800-171, FIPS 140-2, High JAB P-ATO, CJIS, DoD DISA SRG Level 2, DoD DISA SRG Level 4, IRS 1075, DoD DISA SRG Level 5, Moderate JAB P-ATO

GLOBAL / U.S. GOV / INDUSTRY / REGIONAL

ISO 27001, SOC 1 Type 2, ISO 27018, CSA STAR Self-Assessment, ISO 27017, SOC 2 Type 2, SOC 3, ISO 22301, CSA STAR Certification, CSA STAR Attestation, ISO 9001

Source: https://iapp.org/resources/article/the-general-data-protection-regulation-matchup-series/

What is our true purpose as an organization? How do we create more value?

Can we match the best in the world in investments in IT infrastructure to minimize IT risks?

What are the foundations of TRUST if we decide to delegate IT functions (and risks) to a third party?