IT Compliance

How to reach out to us?

IT Compliance works collaboratively with multiple functional teams throughout the Bramble organization. We partner with our Security Compliance and Legal teams to identify and manage privacy, data protection risks, and compliance requirements to help meet stakeholder expectations. We also partner with Management, Business Teams, and our Data Team to implement solutions.

Our work can be tracked in the IT Compliance GitLab Group.

Note: The Compliance Access Review Project is where we are logging and storing the main issue IT Compliance uses to complete User Access Reviews. The actual User Access Review issues are still being tracked in our Access Request Project.

Who We Are

The IT Audit and Compliance function at Bramble is here to ensure that, as a company, we are ready to pass audits for our IT General Controls (ITGC). IT Audit and Compliance builds the processes that allow us to stay compliant over time. We specialize in Business Technology, and that is our area of focus. Our work rolls up to the overall Security portfolio of Audit and Compliance.

Vision

  1. To identify and secure applications that are deemed to fall under audit scope
  2. Ensure that only current employees have access to the applications and the appropriate actions.
  3. Manage all changes to compliant systems to ensure their auditability and compliance with change management.
  4. Constantly iterate to simplify and ensure processes are efficient and automated as much as possible. The goal is to weave these processes into the fabric of work so they are not noticed.
  5. IT Audit and Compliance - Ensuring that all customer/business data is secure and can pass key audits for attestations and compliance with SOC, ISO etc.

How we work

Our IT Compliance Board is where some of our work can be tracked. If you need help with anything or have any questions, you can add our label IT Compliance or tag @brmbl-io/business-technology/it-compliance in an issue. You can also find us hanging around in the #business-technology Slack channel.

What we do

IT General Controls

Most Common:

The most common ITGCs:

  • Logical access controls over infrastructure, applications, and data.
  • System development life cycle controls.
  • Program change management controls.
  • Data center physical security controls.
  • System and data backup and recovery controls.
  • Computer operation controls.

Bramble’s IT Audit Function will focus on the following for the next 6 months:

  • Logical access controls over infrastructure, applications, and data.
  • System development life cycle controls.
  • Program change management controls.
  • System and data backup and recovery controls.

Business Continuity Plan

IT Compliance works closely with our Security Compliance team to ensure that Bramble’s Business Continuity Plan is up to date.

Business Technology Change Management

IT Compliance works closely with our internal business partners for all Enterprise Application Change Management. More information can be found in our Business Technology Change Management handbook page.