About Project

We developed the GRC Program of Nokia, along with a 3-year strategic plan and implementation roadmap for several value protection processes, using the RSA Archer Platform.

Project Info

  • Date : Jan 2016
  • Location : Espoo, FINLAND
  • Category : GRC Program Management

Approach


Nokia was using the RSA Archer Platform only for Incident Management. We developed a full-scale GRC Program with several sub-components and processes to increase the maturity, automation and integration of related processes.

A 3-year implementation roadmap, driven by the GRC Program objectives, was applied with an agile methodology using the RSA Archer Platform. Solutions were categorized under 5 themes (Risk, Privacy, Corporate/Information Security, Legal & Compliance and Technical), each of which includes several processes.

Our Solution


We used a methodology merged from the OCEG GRC Capability and the Forrester GRC Handbook as the base for the Nokia GRC Program. It had a structured approach and components such as a GRC Charter that includes the business case, roles and responsibilities, and the short- and long-term GRC vision and mission. It also included strategy planning, technology enablement, a financial sub-plan, an implementation sub-plan, a communication and reporting sub-plan, a training sub-plan and a continuous improvement cycle with benchmark and KPI measurements.

The Result


Nokia currently has over 20 processes implemented in the RSA Archer Platform, supporting privacy, security, risk, health & safety, vendor risk, product security, compliance and business continuity. Involving other value protection domains, improving existing processes and aligning with business objectives are all managed through a well-structured GRC Program and 3-year strategy roadmap.
