Guion
Table Analysis based on the Findings of the Previous Compliance Analyst (Dec-2023/Jan-2024)
The most recent analysis, conducted in December 2023, revealed crucial information that could
explain why our operations floor does not adhere to the client's requirements for safeguarding
customers' personal information.
By constructing a pivot table, we identified that last year, personnel designated as
coaches were observed introducing paper or writing materials into the operations room. This
behavior may have influenced others to perceive it as acceptable. Additionally, one coach was
caught bringing a cell phone into the operations room.
In January the situation got worse. It is in this year that we start to see a risky
spread of this behavior: our team found a total of 10 unlocked workstations, 8 phones, 7
paper/writing materials, 4 handbags/purses, 3 cases of improper badge usage, and 1 electronic
wearable device on the operations floor.
Risk Identification.
Second part.
Risk response and mitigation.
How can we respond to this potential incident?
Bearing in mind the data compiled by the department, we find that the main issue in
our company is negligence. In December 2023 a total of 12 writing materials, 2 cell phones,
1 electronic wearable device and 1 piggybacking incident were reported, but no action was
taken. This may be the main factor that determined the spread of these behaviors across the
operations room. It is important to point out that these behaviors were mostly practiced by our
coaches team, so this could be the root where we can start investigating and creating a solution
plan.
By 2024 there was an evident failure across the whole operations room. According to the data
found, we went from 12 writing materials to 7 and from 2 cell phone incidents to 8, and
the same employee is still entering the operations room with the same electronic
wearable device. It is evident that no action was taken and that no plan was developed
to advise or warn the personnel involved.
What can we do to mitigate this specific risk?
Non-electronic program
• Conduct a thorough review and update of privacy and data security policies.
• Enhance employee training on handling sensitive information securely.
• Implement regular audits and monitoring to ensure compliance.
This could be done by implementing a training program created by the compliance
department and provided to the operations room personnel. It is important to
highlight the need to meet the client's expectations by eliminating undesirable behaviors, emphasize
the importance of keeping work areas free of electronic devices and sensitive materials,
describe the non-electronic device training program developed by the compliance team, and
explain the training distribution process from the compliance team to OMTT, coaches and
agents. With this first step applied to the risk identification, we are covering the
Gramm-Leach-Bliley Act (GLBA), workspace policies and the PCI DSS (Payment Card Industry Data
Security Standard).
2. Enhancing monitoring
• Work closely with the legal department to ensure that all policies and procedures align
with relevant laws and regulations.
• Seek legal guidance on privacy laws, compliance requirements, and contractual
obligations.
Human Resources (HR):
• Engage with the operations department to understand the workflow and identify areas
where sensitive information is processed.
• Collaborate on the development and enforcement of policies related to the paperless
environment and personal items in the production area.
Training and Development:
• Collaborate with the training and development department to create and deliver ongoing
training programs for employees at all levels.
• Ensure that training materials are tailored to different job roles and include specific
information about compliance requirements.
Solutions proposed.
We know that an internal problem of this size could be caused by internal breaches in
more than one department. As a great company, it is important that all our departments work
together to keep our employees up to date on security processes and our clients safe
from customer demands or information theft. In the previous case, the security breach has its root
in the coaches not following the compliance and legal processes. To avoid that, we need to
address this internal problem in a multidimensional way, working together toward the same goal.