On June 24th 2020, IRM and Altran held a webinar titled: “Governance, Risk and Compliance (GRC) Lessons Learned from a Global Pandemic”. The aim of the webinar? To address the impact of the Coronavirus from a business perspective and, more specifically, from a GRC perspective.

The webinar was presented by Matt Griffiths (Sales Director) and Paul Sexby (Head of Strategic Practice) of Altran’s World Class Center for Cybersecurity, IRM. Francois Charbonneau, Chief Information Security Officer for Altran, co-presented the webinar, offering detailed insight into how the organisation responded to the pandemic and how it affected their cybersecurity priorities.

Watch the webinar

– Highlights real-life examples demonstrating how the virus has forced businesses to change their operations
– Demonstrates how these changes could impact information security
– Explores the human factors, looking at how your employees have an impact on GRC
– Considers the risks created from the changes in working environment (remote working)


Presenter Q&As

Throughout the webinar, we received several questions from the audience. Whilst we were able to address a few of these on the webinar, we promised to ensure the others were answered. See below a collation of the questions from the audience and responses from our presenters.

Should COVID-19 call for organisations to define a mandatory pandemic information security policy?

Matt: I don’t think so. I think that an information security policy should be wide enough to cover eventualities such as being unable to work from the office. I also believe that having more than one policy means that there is a proportionately greater chance of it not being read and understood. Therefore we should try to keep this as neat as we can with a single policy.

Paul: It does not require its own security policy per se; however, as a consequence, some current policies may need adaptations to reflect the ‘New Normal’.

Also organisations should consider the wider impacts of a pandemic and include it as a ‘scenario’ in their Business Continuity / Business Resilience plans.

Francois: COVID-19 will no doubt lead to some changes in the business continuity plans. I don’t anticipate major changes in security policies. However, the two following considerations should drive improvements:

(1) the long-lasting period of unconnected workstations that have to be specifically checked when back on the internal network

(2) review of the technical configuration standard, because workstations are potentially internet-exposed

Has IRM seen a shift in how supplier audits are conducted and has this led to new advancements around SYNERGi that can help support clients that are subject to those remote supplier audits?

Matt: It is too early to have seen shifts in our supplier audits inbound yet.

Paul: In my opinion it is too early to say, purely because so many organisations are not back up and running yet.

How should we go about building a contingency plan for the future?

Paul: You should without a doubt be building a contingency plan for the future – if nothing more, consider planning for a second wave!

The current situation was a test of BCP / Resilience plans, hopefully organisations have some record of decisions made, and actions taken – these form part of the ‘Post Event Response Review’ – to inform decisions and contingencies that might be helpful in the future.

Think positives and negatives, what DID work well, what was not so good, and what would you definitely do differently? Take views from across the organisation (departments and staff levels – the perceptions will be very different!). Use the input to enhance your plans for the future – which of course you hopefully will not need.

What can we do to educate remote workers about cybersecurity risks, data protection etc?

Francois: We should apply everything we’ve already known for a long time and then add some work-from-home specific topics. This could include connection sharing, internet box settings, etc. Make sure the user becomes part of the solution and consider everyone as a permanent remote worker.

Free Resources

IRM and Altran have been busy writing original resources to help you get through the pandemic. These free resources can help support your business continuity and disaster recovery plans.

Lessons Learned from the Pandemic (Whitepaper) – Matt Griffiths, IRM

COVID-19 – Governance Risk and Compliance Considerations (Whitepaper) – Paul Sexby, IRM

How You Grow Matters (Industry Reports) – Altran

IRM can support you

If you’d like to talk to IRM, please get in touch via our contact form. Download our Service Overview to learn more about our range of services including Enterprise Risk Consultancy, Security Testing and our award-winning SYNERGi GRC Platform.
