Assurance Areas

Legislative Compliance

Compliance with Regulator’s standards and codes of practice

Compliance with legislation and regulations is an area that can attract a Regulator's attention. The GRC PAT can be tailored to map legislative and regulatory requirements, to demonstrate management's intent to comply with those requirements, and to prove that care and diligence are practised in the identification and management of critical legislated and regulated risks. These include Safety, Environment, Heritage, Industry and other regulated standards.

Self-imposed Standards

Officers of an organisation are required to demonstrate care and diligence in the execution of their duties for the benefit of the organisation. They often adopt self-imposed standards to guide their processes and business intelligence requirements. Typical self-imposed standards include International Standards such as:
9001 – Quality
45001 – Safety
14001 – Environment
19600 – Compliance
Industry specific standards, and
Important internal accountability policies

Security

Physical security

Our contribution to physical security is based on the maxim that workers will do well those things that management checks. The presence of auditors and inspectors checking that the organisation's physical security policies and processes are being adhered to is a clear sign to staff that management and senior management take physical security seriously.

Cyber Security

Our contribution to cyber security is based on the maxim that workers will do well those things that management checks.

Cyber Security hardening

By delivering a program of regular and intermittent reviews of Information Security Manual (ISM)-related staff and process performance with our GRC PAT, management will have demonstrably adopted a process of staff and process cyber security hardening.

What senior management monitors and measures shows the staff that these processes and policies are important. Senior management's cyber security leadership is 'felt' by the staff as a result of the proactive cyber security personnel and process audits.

Mandatory reporting

We have mapped the 2019 Australian Government Information Security Manual (ISM) ready for use in the GRC PAT, with the Essential Eight elements mapped as a working subset of the ISM.

The 36 mandatory reporting elements from the Protective Security Policy Framework (PSPF) are also mapped and ready for use in the GRC PAT.
© 2019 X 14 Systems Pty. Ltd.