Serving as a volunteer on ISACA’s Government and Regulatory Advocacy (GRA) Subcommittee 3 (Europe/Africa) has been a great opportunity for me to meet new people, face new challenges and look for creative ways to use ISACA deliverables and research.
ISACA chapters, as local groups, need to take care of their members and show them the value of membership. One way of providing value to chapter members is through government and regulatory advocacy activities, with objectives including having ISACA intellectual property (IP) adopted as good practice, making recommendations that help to implement national regulations or even becoming part of them by gaining ISACA professional certifications and becoming a requisite or a recommendation for particular activities.
To achieve this, the virtues of ISACA IP and professional certifications have to be known and understood by the right people in the right positions in the regulatory bodies.
In the ISACA Madrid Chapter, we have taken GRA objectives so seriously that the president and vice president are in charge of GRA activities within the chapter. During the last five years, many efforts in this area have provided some positive results, including:
- ISACA Madrid Chapter is one of the key players in the National Digital Trust Forum, created by the Spanish Ministry of Industry, Energy and Tourism, to take care of the Digital Agenda, leading the work group dedicated to professionals. This work group has proposed a new initiative in the Digital Agenda to foster and improve “trust” professionals (auditors, information security managers, etc.). As a collateral benefit, ISACA is well known in the Ministry in charge of digital “business.”
- ISACA Madrid Chapter has had the opportunity to make proposals to the recently modified Law for Private Security Services, which includes regulations about information security services for the first time. Regulatory development is under way and the intention is that Certified Information Security Manager (CISM) professionals become, in some way, recognized for these kinds of activities.
- The Spanish government project to develop a framework for cybersecurity professional certification (in the development phase) has been reoriented to consider third-party certifications, such as ISACA’s CISM and Cybersecurity Nexus (CSX) program.
- ISACA International President Robert E. Stroud was invited to participate as a keynote speaker in Cybercamp, the annual cybersecurity event promoted by the Spanish CyberSecurity Institute, INCIBE.
- An agreement is under way with the Spanish Cyber Defense Unified Command, the unit in charge of cybersecurity defense and attack operations, to participate in its training program and help its members become CISM and Certified in Risk and Information Systems Control (CRISC) certified, and also acquire the appropriate new CSX certification.
- Recently a collaboration agreement was signed with the Madrid Bar Association to allow the chapter to participate, through this lawyer association, in consultation on new laws and to act as a consultation body for the Spanish regulator.
We are confident that these activities and initiatives will help to assure the continuity of our chapter and even make it more relevant as the government can find continuing collaboration and knowledge through ISACA. As more professionals become certified in the public sector, more people will be willing to ask for ISACA certifications as a necessary condition for assurance roles.
If you or your chapter is considering working on GRA activities, I am more than happy to share my own experience working in this field with you.
Vice President and Past President, ISACA Madrid Chapter
GRA Area 3 Committee