Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
6 August 2015

Do You Have Trust Issues?

Security is all about trust. Many organisations talk about trust in various ways, especially where systems and processes intersect. Trust in people, in processes and in the accuracy of data are all terms which we deal with on a daily basis. SAP even use STRUST as their transaction to create secure connections between systems. Security is all about trust.

So, knowing that trust is defined as “having confidence in the veracity, integrity or other virtues of someone or something”, how would you rate the trust you have in the following:

  • The accuracy of your data?
  • Integrity of the systems which store your data?
  • Security of communication between systems?
  • The integrity of the people in your organisation?
  • The organisations which work to support you?
  • The processes which are in place?

If any of the above gave you pause for thought, you are probably not alone! I have seen examples of all of these being called into question at some point and, like all of us, have worked to improve the trust in the people, companies, systems and processes involved.

Once trust or confidence has begun to be eroded, it can be extremely difficult to re-establish, if it can be regained at all. It is possible to handle a lack of trust, establishing proper governance and control processes, supported by tools can help us to continue to operate in environments where trust is an issue.

Trusting the people

We trust the employees in our company with the data they require to perform their job function. We do, however, still establish mechanisms to protect both the organisation and the employees themselves from the ability to realise risk. It is important that this protection is understood to work both ways – the company can have faith that “John Doe” cannot commit fraud and “John” is confident that he will be blameless in the event that fraud were to happen. Establishing the employees’ responsibilities in managing risk are key to achieving our governance and compliance goals.

Maintaining control of segregation of duties risks, whether through role design, or supplemented with GRC access controls, is one mechanism by which we can establish trust between the employer and the employee. This is even more relevant for managed service organisations, where they are being trusted as the custodians and protectors of their clients’ business-critical information and systems.

Trusting the systems

Ensuring the integrity of the systems and data your business relies upon is key. Anything which undermines confidence in those systems needs to be addressed and there are a number of procedures which can improve the reliability of, and confidence in, those systems.

Ensuring correct change controls are in place for enhancements should ensure that nothing untoward is introduced into the live systems, however this needs to be backed up by robust testing from the correct stakeholders, with particular emphasis on integration testing, as nothing will erode trust in new systems faster than negative UAT or live issues.

We often see cases where functionality tested (and working) in isolation in pre-production systems does not “play well” with live data, or other functionality. Making sure that issues with integration are addressed before go-live will increase business confidence in the IT systems and the organisation which supports them.

The bottom line is: Ensure you have the processes in place to protect the people and systems your business needs, supported by the appropriate tools and you will improve the trust, truth and confidence in those people, systems and your own organisation.

Please feel free to comment on your own trust issues, or examples of what’s worked well using the section below.