Companies should integrate best practices to cybersecurity requirements 


By Stanley Senya 

Accra, Sept. 19, GNA – In addressing cyber security requirements, companies should integrate best practices into their standard processes, baselines, policies, and standards. 
This approach ensures that cyber security is not an afterthought but a fundamental part of daily operations essentially, part of the company’s DNA. 

A statement issued in Accra by Huawei Technologies said establishing processes was only the first step. 

It said to ensure their effectiveness, companies needed to be deliberate about implementing a variety of measures. 

It said to begin with, they needed to be committed to ensuring global standards are seen through. 

These may include the establishment of standardized business processes globally with identified Global Process Owners (GPOs) and Key Control Points (KCPs).  

The statement said Huawei in achieving this had established a Global Process Control Manual and a Segregation of Duties Matrix that were applicable to all its subsidiaries and business units. 

It said this was paired with a dedicated Board Committee for cyber security, chaired by a senior executive, to oversee and enforce process execution.


“On this Board sits the main Board Members and Global Process Owners who have a role in ensuring that cyber security requirements are imbedded in processes, policies and standards and that they are executed effectively,” it said.


The statement said if there was any conflict, or resource issue in cyber security, this committee had the power, remit and seniority to make decisions and change the business without reference to anyone else. 


It said delivering innovative quality products and services requires companies to commit to implementing consistent, repeatable, and globally rolled-out processes that prioritized cyber security. 


It said without this level of commitment, each product, service, and customer interaction would be a random event, with variable outcomes in terms of quality and experience. 


“To achieve consistency, leading tech companies often partner with management consulting firms to develop, train, and support their transformation into process-based organizations,” it added. 


For example, Huawei has employed IBM since 1997 to develop, train and support it in becoming a process-based organization one that is fundamentally driven by repeatable processes. 
The statement said as a result, the company was able to deliver a consistent quality of products and service. 


It said to instill confidence in customers, especially those facing political or commercial pressures, companies must provide independent assessments of their products and processes. 

This includes dedicated localization efforts to ensure the integrity of their supply and support chain. 

It said implementing an end-to-end global cyber security assurance system was therefore crucial for maintaining stable and secure operations, particularly during emergencies such as natural disasters. 

Additionally, audits are an important part of these measures. 

It said audits to external inspections and third-party reviews were useful for validating what is happening against what should happen. 

In this regard, Huawei Auditors use the Key Control Points and the Global Process Control manual to ensure processes are executed and that they are effective. 

“This is regularly updated through online exams every year to keep knowledge current, forming part of its Internal Compliance Programme,” it said. However, there is nothing more important than an openness to scrutiny. 

The statement said companies need to allow their processes and internal systems to be opened up to audit and scrutiny from its customers and from governments. 

Huawei operates in over 140 countries because it is trusted by customers in all these countries.


It said it was this ability to use real customers and experts from many fields and governments to inspect, vet and validate their approach that truly enables the company to develop world-class processes and integrated systems. 

It is a repeatable process that is also a virtuous cycle: develop test validate learn update develop.
By integrating these measures, companies can ensure that security is truly built into their operations, rather than being an afterthought.
GNA