Principals of PCS Powered by e-Safe Compliance
1. Accountability 2. Responsibility 3. Autonomy 4.Immediacy 5. Community 6. Proportionality and 7.Transparency
Accountability - enables owners to be responsible for protecting their information
e-Safe Compliance, through user empowerment, makes the information owners accountable for the protection of information they are responsible for by creating roles for them in the system. Using these roles, they can now classify the information themselves and, more importantly, define how it should be used. Information owners receive reports on the usage of their information and can make the call if it is not used appropriately.
Responsibility - shared responsibility leads to higher security
e-Safe Compliance does not adopt a blocking approach to security but instead adopts a more flexible monitoring approach based on responsible use of information. Under this approach, the usage of information is based on the sensitivity of the information as defined by the information owners. However, the users are allowed to make a judgement call and are held responsible for their actions. The approach uses a fundamentally different implementation approach of the traditional technologies of user behaviour analytics and employee monitoring tools
Autonomy - more freedom through trust and self-governance
e-Safe Compliance fosters a culture of Trust and Self-Governance among the staff. Users make the call on the usage of the information based on their responsibilities. For example, a finance executive working on a last-minute, next-quarter financial could decide to take it home via USB drive or Dropbox as long as he gets authority to do so from the information owner, the CFO in this case. The finance executive knows that if he does not do that, the CFO will receive the report of his activity and might start an enquiry.
Immediacy - user empowerment reduces detection time and improves user education
The primary focus of empowering the users by using e-Safe Compliance is to reduce the “Detection Time” of a transgression. By decentralising the reporting of transgressions to people who understand the sensitive information, it is ensured they are picked up quickly and remedial steps can be taken immediately.
Community - fosters a cultural change towards security
One of the biggest challenges faced by security teams is to develop a culture of security in the organisation. Through decentralisation of security roles and responsibilities, e-Safe Compliance ensures all users starting from top management to junior executives are involved in the decision-making and are responsible for how the information should be used and processed. The added responsibility upon the management ensures that they lead by example for their teams. This facilitates an overall cultural change in the organisation towards security.
Proportionality - focused monitoring via data-centric security
The freer handling of the information due to greater autonomy allowed under PCS is verified using e-Safe Compliance’s advanced monitoring features which are proportionate to risk involved. e-Safe Compliance works on the principals of total visibility of sensitive information and Data-Centric security. Unlike many existing security technologies which either block or allow an entire medium, e-Safe Compliance focuses on protecting the data while giving total visibility to the responsible users. This ensures users are not burdened by unnecessary security but still have the flexibility to do get their job done.
Transparency – builds trust among users
e-Safe Compliance is built on the philosophy of TRUST BUT VERIFY. All monitoring is done in consultation with the specific departmental heads and information owner groups