All posts by Ray Hennessey

ISO 27001: Navigating Regulatory Compliance and Global Business Growth

In international business, where regulatory landscapes shift as quickly as market trends, robust and internationally recognized security protocols are vital. For companies actively pursuing regulatory licensing in multiple countries, one certification stands out as a beacon of trust and compliance: ISO 27001.

ISO 27001 and Its Relevance to Regulatory Licensing

  1. Understanding ISO 27001: It is an international standard governing Information Security Management Systems (ISMS), providing a systematic approach to managing sensitive information.
  2. Regulatory Landscape: As they expand across different jurisdictions, businesses face the challenge of complying with various regulatory requirements related to privacy, consumer protection, and financial oversight, such as the European Union’s General Data Protection Regulation (GDPR).

Alignment with Regulatory Requirements

For businesses handling valuable digital assets and financial information, ISO 27001’s alignment with regulatory requirements is pivotal:

  1. Common Language Across Jurisdictions: This standard’s universal framework often corresponds with various regional financial regulations (e.g., Basel III in Europe), making compliance more consistent.
  2. Risk Management and Compliance: ISO 27001’s risk management approach is essential in an industry characterized by rapid changes. It promotes a culture of preemptive risk identification and mitigation.
  3. Data Protection and Privacy: The standard’s emphasis on data integrity aligns perfectly with global data privacy laws, ensuring that sensitive financial information is handled with utmost security.
  4. Audit Trail: ISO 27001’s requirement for detailed documentation and robust auditing practices aligns with regulatory demands for transparency in financial reporting.

Simplifying the Journey to Regulatory Licensing

Adopting the discipline and process required by ISO 27001 can significantly ease the path to global regulatory licensing:

  1. Holistic Approach: Rather than isolated compliance efforts, ISO 27001 fosters a unified, company-wide perspective, potentially cutting down time and expenses.
  2. Building Trust with Regulators: The certification can demonstrate a firm commitment to international best practices in information security, possibly expediting licensing procedures.
  3. Continuous Improvement: The refinement process ensures adaptability to ever-changing financial regulations and standards.

Conclusion

In a world where regulatory expectations and security needs are evolving, ISO 27001 certification is more than just a security measure. It aligns closely with the multifaceted demands of global regulatory compliance, particularly for businesses dealing with diversified portfolios and digital assets.

The integration of ISO 27001 can act as a cornerstone in global expansion, streamlining compliance, and building a resilient foundation for growth. It’s a pathway marked with clarity, efficiency, and trust that resonates with regulators, clients, and partners alike.

By embracing ISO 27001, businesses are empowered to traverse intricate regulatory terrains with assurance, utilizing globally recognized standards to forge a distinct advantage in the multifaceted and interconnected world of finance.

Stop the Madness!

Today, I want to address a common trend that I’m sure many of you can relate to—the barrage of connection requests from unknown individuals without so much as a simple introduction. You know the ones I’m talking about: the vague messages promising “synergies” and “mutually beneficial opportunities” without any real substance or context. It is time to call out this practice for what it is—a time-wasting turnoff that rarely leads to meaningful connections.

The Cold Selling Conundrum

While I understand that LinkedIn is a platform for networking and business opportunities, it is essential to remember that authentic connections are the backbone of successful professional relationships. Cold selling and generic connection requests miss the mark, leaving a negative impression on the recipient. It’s like walking into a networking event and immediately shoving your business card in someone’s face without even saying “hello”—it is impersonal and off-putting.

Why It Doesn’t Work

Let’s be honest; does the “spray and pray” approach yield desirable results? Rarely. Recognizing that genuine business relationships are built on trust, mutual respect, and genuine interest is crucial. Sending a connection request with a thinly-veiled sales pitch rarely fosters those qualities. It can even damage your professional reputation and brand.

The “Business Development” Turn Off

A particular group seems more notorious for these cold selling tactics—individuals with “Business Development” or “Sales” in their job description. While I respect the role of business development professionals, the constant bombardment of generic connection requests without any effort to build a genuine connection is disheartening. It leaves us questioning whether they are genuinely interested in networking or merely in pursuit of meeting their sales targets.

The “New Kid on the Block” Ignore

Another aspect that’s an instant turnoff for many is the flood of connection requests from individuals who have recently joined a new company and are eager to sell us “the next best thing.” Don’t get me wrong; I’m sure that everyone appreciates innovation and exciting products or services. But when someone we barely know dives into a sales pitch about a service or product they’ve just started selling, it raises a red flag. It’s hard to trust that their recommendation is rooted in experience and understanding of the service or product’s value.

A Better Way to Connect

Before we get disheartened by the countless generic connection requests we’ve received, let’s shift our focus to a more meaningful approach to networking on LinkedIn. Let’s embrace authenticity and genuine engagement as the driving forces behind our connections.

Personalize Your Invitations: When you reach out to someone on LinkedIn, take a few moments to craft a personalized message. Introduce yourself, explain why you’re interested in connecting, and find common ground. It shows that you’ve done your homework and are genuinely interested in building a relationship.

Add Value First: Instead of diving straight into your pitch, focus on providing value to your connections. Share valuable content, offer insights, and engage in discussions. People are more likely to respond positively when they see you’re here to contribute, not just sell.

Respect Boundaries: Not everyone will be open to connecting, and that’s okay. Please respect their decision and move on. Building a network is about quality, not quantity.

Engage in Meaningful Conversations: Once you’ve made a connection, nurture it with genuine interactions. Engage in thoughtful conversations, offer support, and be a resource to others. This paves the way for meaningful collaboration in the future.

Let’s Create a Better LinkedIn Experience

LinkedIn is a platform that connects professionals from all walks of life. Let’s harness its power for authentic networking, knowledge sharing, and uplifting each other.

So, the next time you hit that “Connect” button, remember the power of genuine engagement. Let’s replace the “hope” of selling with the certainty of building lasting professional relationships that make a difference.

Please feel free to share your thoughts on this topic in the comments below.

The Drake Equation/Fermi Paradox

The Drake Equation and Enrico Fermi’s paradox have always intrigued me.

The Drake Equation is represented as follows:

Equation

Obviously, when you look at the questions behind the various parameters – How many stars are there in the Milky Way? How many stars have habitable planets? etc. – there’s a considerable amount of guesswork involved. As we learn more, parameters can be slowly refined and N can be calculated with a tad more certainty.

The real value of the Drake Equation is not in the answer itself, but in the questions that are prompted when attempting to come up with an answer.

The video below pulls together both equation and paradox – and then neatly dovetails with the concept of The Great Filter hypothesis.

Dan Carlin engagingly explains how it all fits together.

A really interesting video.

The Umbrella Man

One of my all-time favorite New York Times OpDoc videos by Errol Morris.

Josiah “Tink” Thompson – who wrote the book “Six Seconds in Dallas” – describes The Umbrella Man.

I have watched this six-minute video at least twenty times in the past couple of years. I feel compelled to share it.  It is a terrific reminder.

If you haven’t seen it, I really hope you enjoy it.  If you have seen it, please enjoy it again.

Mr. Thompson’s ‘cautionary tale’ is pure wisdom.

Images courtesy of The New York Times.  Music:  Spiegel Im Spiegel (Mirror in the Mirror) by Arvo Pärt.

Software Testing

Delivering good news is easy

However, people who test software for a living need to do one thing really well – and that is:

have the uncompromising ability to deliver bad news.

And there are lots of really dedicated folks out there who do just that.  But there are also some who often mean well, but bend to real (or perceived) management pressure and compromise.  A deadline after all, is a deadline!

By “managing the message” – i.e. avoiding red RAG status events – Quality Assurance Managers often lull stakeholders into a false sense of security. This can result in different types of unsavory scenarios; it does wonders for lowering the overall morale of the team (who more often than not know the real story), and it wastes time and money.

How often have we seen elaborate test strategies degenerate into last-minute scrambling as integration and acceptance-testing cycles shrink and are pushed out to the right due to dirty data, broken functionality and environment issues? It’s a cycle that’s tough to break – but it needs to be broken.

Use The Force

Testing needs to be given the attention and recognition it deserves.  Just because it appears at the end of the food chain doesn’t mean that it’s not vitally important.

Tollgates that restrict movement of functionality from Development to System Integration Testing (SIT) through to Functional and User Acceptance Testing (UAT) and final implementation need to be strictly observed, and deadlines that inevitably shorten cycle times need to be flexible enough to accommodate doing what is right, not just what is allowed. On paper it’s all very simple, but in practice it requires conviction, courage and resolve.

Releasing untested code into UAT – or worse into Production – should be avoided. “Conditional Sign-offs” at the end of the day mean very little (as everybody ultimately forgets the conditions and only remembers the sign-off). Once bad code is implemented, operational “workarounds” are inevitable and extra work to plug the holes often prevails. Succeeding releases are delayed while bugs from the earlier release are being rectified and the vicious cycle deepens.

Over time, these workarounds are often baked into normal day-to-day operations and are accepted as common practice. They sometimes linger for years; users work longer hours and overall cost increases.

Nomenclature

Once your company has adopted an agreed testing approach and standard terminology, changing the language to suit the level of tested code only leads to confusion. Where I worked, there was no such thing as “Pre-UAT” – the correct terminology was “SIT”. “Functional Acceptance Testing” may as well have been called “Failure Acceptance Testing” because that’s all that was really happening.  Don’t allow any re-branding – this only serves to mask the real issue.

So the next time you see a quantum shift in the project RAG status – have a word with the testing team; check the Traceability Matrix to make sure that all requirements bases are covered and make sure the users are happy with all testing results.  It can save you a lot of money in the long run.

For those interested in the complexities of Software Testing – you should check out the wiki page.

Photo: Courtesy of Google Images