Lloyd Dawson, Director, IT ComplianceJune 2010

IT Governance, Risk, and Compliance (GRC) at PSC

Agenda

• PSC, LLC

• IT Organizational Chart

• Why IT GRC at PSC

• IT GRC Strategies, Operations, and Tactics

• IT GRC Results

• Question and Answer

PSC, LLC

PSC North America Locations

IT Organizational Chart

• Vice President of IT – Pamela Rucker – Professional staff and outsourced services– Support 4 Lines of Business

IT Compliance Responsibilities

Why IT GRC at PSC

Strategies, Operations, and Tactics

IT Risk Management

ISO 27005:2008based process

Risk Management Internal Audit

IT Security – Account Administration

ISO 27002:2005based policy

IT Compliance

• 2008 – Baseline controls• 2009 – Expanded coverage controls• 2010 – Complete coverage controls• PSC received nomination for ISE Security Executive of the Year

(http://www.iseprograms.com/central_project_nominees.asp)

IT DRP

• Close coordination between HR and IT• Annual/as required updates and tests• Special DRP ‘kits’ for key plan participants• Conferences and seminars

IT HR

DRP = Disaster Recovery Plan BCP = Business Continuity Plan

IT Change Management

ITIL-basedProcess

CAB = Change Advisory Board

IT Vendor Management

RelationshipManagement

Control Visibility

IT GRC Summary

• Controls• Regulations • Ownership• Accountability• Measurements• Sustained• Coordination• Cost Control

Results

Question & Answer