“It is essential to align technology with the business by managing risks and ensuring compliance”. Eduard Chaveli, Govertis
Eduard Chaveli is Head of Consulting Strategy at Govertis, part of Telefónica Tech, and a pioneer in the field of IT Law in Spain. He is a key figure in the development of technological and legal solutions in the field of data protection and information security.
* * *
How has Govertis developed since its foundation and what does it mean to be part of Telefónica Tech?
Govertis has evolved from being a specialist in a subject such as personal data protection to a consulting firm that offers a comprehensive solution in everything related to Governance, Risk, and Compliance (GRC). We align digital and information technologies with business and corporate objectives, managing risks and ensuring IT compliance. This includes information security as a core part.
Being part of Telefónica Tech allows us to offer this comprehensive, end-to-end service, with a solution that is not only complete with respect to IT GRC services, but together with the rest of the Telefónica Tech portfolio offers the customer a complete solution.
How are we different from other consulting firms?
In addition to the comprehensive service that we can offer our customers because we are part of Telefónica Tech, the main differences that we have with respect to other consulting firms are:
- The professional quality of its members, in a team highly specialized in the field, where knowledge flows and permeates until it reaches each member.
- The personalized treatment we give to each customer, thanks precisely to the quality of our professionals.

Our goal is to continue growing in numbers without losing either the human and professional quality of the team or the personal attention to the customer.
Could you tell us about a specific case in which, thanks to the partnership between Govertis and Telefónica Tech, we have generated differential value for customers?
We have multiple cases of customers in which we ensure the governance of cyber security and privacy of the solutions and services we provide from Telefónica Tech, both in projects implementing technological solutions and in technical offices that accompany the client in its transformation process.
Security incident management is a very clear example of cyber security. Customers who suffer a security incident are primarily concerned about the operational part: that their systems continue to function to maintain the continuity of their business.

However, in addition to the operational part, there are also requirements derived from different regulations (personal data protection legislation, National Security Scheme, Critical Infrastructures, etc.) that impose certain obligations before, during and after the incident.
As a consulting firm, what is the strategy to stay at the forefront in a sector as dynamic as the technology sector?
It is indeed a very dynamic sector because, in addition to the changes in technologies, there is the logical and consequent modification of the regulations that govern them. This requires the following of us:
- On the one hand, we are divided into Competence Centers that allow us to group people around different regulatory frameworks and services and thus organize knowledge and make it available for business development and projects. It is these Competence Centers that are responsible for keeping the portfolio of services linked to them up to date.
- On the other hand, we invest heavily in training people to ensure that this knowledge reaches each and every one of them, who are our face and voice before the customer. We have a collaboration agreement with the Spanish Quality Association (AEC) that allows us to be part of a continuous training ecosystem.
What do you consider to be the challenges that companies face, including regulatory changes, and how do we at Telefónica Tech help them to overcome them?
Companies are facing an increasingly digitalized world, with greater opportunities, but also with greater risks and compliance requirements in the IT environment.
Companies need specialists with experience in the field of GRC consulting in IT frameworks to address these risks, as is our case, who understand the needs of the business and align them with compliance requirements. At the same time, being part of Telefónica Tech, we can offer the client a comprehensive solution.
We understand the business needs and align them with compliance requirements.
How is artificial intelligence impacting governance, risk, and compliance (GRC and information security) and what services do we provide in this area?
Firstly, Artificial Intelligence allows consulting services (as well as operations, production or business services) to be provided more effectively and with fewer resources.
Secondly, and this is what we focus on from the Govertis team, part of Telefónica Tech, it is necessary to reconcile the great opportunities that AI brings with regulatory compliance and information security.
For this we provide services that include training and specialized awareness in regulatory frameworks applicable to AI, consulting on regulation and use cases of AI in organizations, and specific governance of AI management, as well as consulting projects, implementation and support in the certification of AI management systems in accordance with ISO 42001 (SGIA).
How important is the figure of the CISO today and how are we supporting these professionals in their daily work?
The figure of the CISO, chief information security officer, is fundamental in organizations today for different reasons. One of them is that we live in an increasingly digitalized world in which information is an essential asset and the CISO is responsible for protecting this data against threats and ensuring business continuity.
Likewise, the CISO develops and implements the security strategy, aligning it with business objectives, ensuring compliance with IT regulations (together with other roles, such as the DPO); and not forgetting that it is he who leads the response to security incidents, again in coordination with other roles.

A CISO is responsible for developing and implementing the organization's security strategy, ensuring regulatory compliance, and leading the response to security incidents.
We offer specialized consulting services of external support to the CISO in each of his functions; and, on the other hand, to the organizations that require it, we offer the CISO as a service, a model that allows companies to have an external director.