
Compliance and governance – not such dirty words after all!

All companies have to comply with certain rules and regulations, ranging from reporting regularly to the tax authorities and Companies House, to paying staff at least minimum wage for every hour worked, to ensuring that any personal data is kept secure and only for as long as needed or legally required.  Governance is the set of policies and procedures within a company that enable these functions to run efficiently so that everybody feels safe and confident in the structure.  Implicit within this is the idea that policies and procedures are reviewed regularly with the aim of constant improvement.

Many of our clients have been through one of the quality management ISO 9000 series qualifications, as have we, and these are a good basis for putting a governance structure in place within a company without “reinventing the wheel”.

For a service company like Octagon Technology, governance is especially important.  We look after the data of hundreds of our clients, and are entrusted with passwords, licence keys and all sorts of other information which is not only secret but also vital to the survival of their businesses.  We are also tasked with ensuring our clients are compliant with regulations such as GDPR – most saw this as a chore, but we also saw it as an opportunity to review governance within our client companies and ourselves.

Within Octagon Technology our governance policies with regard to client data are extremely strict.  Access to data is limited to those who need it, and indeed if a support engineer needs client information that is normally restricted to senior management only, they are granted temporary access only.  Members of staff such as the Managing Director and the General Manager, neither of whom is involved in direct client support, have no access to client operational data.  If the Chief Information Officer were to be involved in an accident, the Managing Director has access to only one part of the information needed to be able to access restricted data, and also needs to involve the company’s solicitor to put all the pieces of the puzzle together.  This is how seriously we take the issue of protecting our client data.

In future blogs, I shall be investigating this area more closely and relating it to how we work at Octagon Technology.  We hope that the blogs will ring a few alarm bells in readers’ heads so that they look at their own governance structures more closely, and if any help is needed we are happy to get involved in the process.

Diana

Diana is a founder and Managing Director of Octagon Technology.

Twenty-odd years ago Diana was teaching IT at a college in Essex when local companies started to come in and ask her for help with their computers. This led to the creation of Octagon Technology alongside fellow lecturer Clive, with a vision of providing Technology Without Tears for our clients.

Nowadays, Diana concentrates on the less glamorous side of the business, dealing with the statutory reporting, the strategic planning, the budgeting, forecasting and cash flow analysis. She also looks after the payroll, together with the human resources policies and procedures.

If you would like to talk to Diana about any of the issues raised in this article, please let us know (01522 797520) and we will ask her to contact you and answer your questions.