F3 Response to the Office of National Cyber Director RFI for Harmonization of Cyber Regulations


Please find other responses to this RFI here:


The scope of Regulatory Harmonization needs to extend beyond cyber. It is crucial to address all risks as they are interconnected.

Every organization faces a unique combination of federal regulatory requirements that overlap with their specific objectives. In addition, they must navigate regulations from other sources such as State, Local, Tribal, and others within their business ecosystem.

The CMMC is an example from a client, the DoD, placed on those within the Defense Industrial Base. Many organizations require unique ESG behaviors to have a relationship. Consumer protection laws are inconsistent across states and nations. Local environmental regulations overlap with those from state and federal governments.

Even if federal regulations are harmonized, those responsible for managing risk and compliance within organizations, whether public or private, must find ways to address internal harmonization and align their activities with return on investments. By leveraging Business Continuity Management, organizations can identify areas for improvement, streamline processes, and enhance overall efficiency. This not only ensures compliance but also drives business growth and resilience.

Continuity of Effort for Risk Management is Key

It is 2023, business systems have matured enabling continuity of effort across all risks. Operational teams can use the technology available from providers like ServiceNow to drive efficient and effective management. Board and C levels can be provided with the information they need to make informed decisions. There is still a significant level of effort needed here so focusing on ways that point to a return on investment is important.

Communicating Value

One of the most important things we are working on with client Operational Teams is helping them communicate value up to the Board and C level so the teams can obtain access to capital and resources needed to protect their organization. In turn, we are helping Board and C levels understand technology the organization has available to them so they can make informed decisions in support of the operational level requests. Conveying an understanding of Return on Investment is in front of mind.

Advice we give provides a way to minimize the impact of the required regulatory harmonization within the organization. This leads to increasing the efficiency associated with managing “all risks”. 

Evidence of the lack of efficiency and continuity associated with overall risk management is simple to find in the SEC 10k Risk-factor sections of most businesses filing. This transcends to governments and others who are not required to file.

Let’s Have a Discussion

If you are responsible at the Board/C level or Operational level to manage a single risk or overall risk, we welcome a discussion with you. Drop me a line please and follow us on LinkedIn at Fusion3 Consulting

About Fusion3

Fusion3 Consulting is a premier-level ServiceNow partner focusing on Business Continuity, Integrated Risk Management, and GRC. Our team has been highlighted at ServiceNow’s recent first annual Risk event, as one of the ten partners out of 2,000 recognized for our capabilities and specialization in BCM and Integrated Risk Management. http://www.fusion3consulting.com/

Please arrange a meeting with the Author Charlie Tupitza here:   Calendar Invite

Related Posts

About Us

Our team is focused on helping our customers realize the full potential of the ServiceNow platform through flexibility, transparency, and technical leadership.

Let’s Socialize

Popular Post