Given its normalization as a critical business function, compliance and risk management requires executive oversight and governance from multiple departments. Organizations that lack executive-level interest, policy mandates, and monitoring put their investors and customers at much greater risk when easily preventable breaches occur.
The following organizational functions and departments should be included in the governance model for IoT operations:
- Legal and privacy representation
- Information technology/security
- Operations
- Safety engineering
Executive governance—if not already mandated by an industry requirement (for example, PCI DSS)—should include some type of approval authority to operate an IoT system. Any ...