Information Risk Management

Awareness Raising: Making “The Risk, Our Information Your Responsibility”

Mark LogsdonLead Information Risk Manager, Barclays

2Strictly Confidential - Barclays Bank (c) 2007

3Strictly Confidential - Barclays Bank (c) 2007

Process and timescales

The Idea!

ID Film Company & Agree Script

Shoot

Editing

Time

Release

1 Week

4 Weeks

2.5 Months

6 Weeks

March 08

4Strictly Confidential - Barclays Bank (c) 2007

The Idea – The Brief

An ‘awareness’ raising film for the 2000+ Group Centre Staff. However,

Designed so that it could be widely used across the business. Something that wouldn’t quickly date. Awareness, not mandated. Light hearted, different and not like a traditional Barclays film. 20 minutes long. Multiple delivery channels and languages. Part of an holistic awareness campaign. We had to own the IP. Important!

5Strictly Confidential - Barclays Bank (c) 2007

The Idea - Agreeing the content

Information Risk Steering Committee IRM Heads from across the business Each has its own risk appetite

5 messages or ‘Principle Behaviours’ Be aware of Information Risks Use technology and software appropriately Protecting our integrity Protect information and data Understand your personal responsibilities

Takes time, but gets buy-in.

6Strictly Confidential - Barclays Bank (c) 2007

Film Company and Script

We looked at 3 production companies. Decided upon Twist and Shout. – www.twistandshout.co.uk

Small, Leicester based firm, who understood the need for holistic campaign and for a multifaceted product.

Their idea was to produce 5 short films. Each would be shot in a different film genre, each covering one of the 5 Principle Behaviours, each aligned to a poster that would deliver further messages relating to the behaviour.

Also a longer film, a ‘mockumentary’, that shows the making of these films. Contained further messages.

Not shot in the bank, rarely uses the word ‘bank’ and never uses the word ‘Barclays’.

The proposal was certainly different and not like anything I had seen in Barclays. It was risky.

We needed to mitigate and manage this.

7Strictly Confidential - Barclays Bank (c) 2007

Film Company and Script – Our Board of ‘Censors’

Gathered key stakeholders to review the idea and the script Legal, compliance, audit, marketing, comms etc We also kept the IRSC informed

I made a mistake! They were dubious, but agreed. Lots of conversations with Twist and Shout to get the ‘script’ right

and make sure that it covered the right issues in an acceptable way. Important!

8Strictly Confidential - Barclays Bank (c) 2007

The Shoot

Exotic locations – Nottingham and Leicester! Be there. Why? Not to interfere, but to advise. - IRM issues, IT technology. Provide immediate input into the script, e.g. compliance. Ownership. I was nervous up to this point, but seeing it come

alive made me realise that we could make it work.

9Strictly Confidential - Barclays Bank (c) 2007

Editing

Over 4 hours of film was shot. We wanted 20 minutes for the main film.

Art v Business clash. “It’ll be as long as it’ll be to preserve its integrity”. Be strong and brutal.

We spent a lot of time getting them to make cut after cut. Board of censors agreed the final cut, confirming that we were not

breaking any internal ‘rules’.

10Strictly Confidential - Barclays Bank (c) 2007

Editing – what we got

Film trailer. A (500) DVD, inc artwork, containing 3 products

Main Film 22 minutes long 5 x Modular Films lasting between 90 seconds and 2 minutes each - Access

Denied, A Time to Tell, The Hush, Les Perdus, The Invaders of Space. The 5 Modular Films that run consecutively for 9 minutes

Subtitled in Arabic, English, French, Italian, Portuguese & Spanish (easy to add more).

5 (1000) different movie style postcards (also available on the DVD).

5 x HTML Emails based on the 5 movie posters. NTSC version of the DVD created. VHS version. The master copy.

11Strictly Confidential - Barclays Bank (c) 2007

Release

A ‘World Premier’ and ‘General Release’. World Premier – and event. Invited guests – IRSC, Censors, and

IRM contacts from across the business. Linked to IRM awards night. Hosted by one of the characters in the film. Many believed that he really worked for us!

Created a buzz. About two weeks later the film went on general release via the

Intranet. Coincided with an advertising campaign. Posters in tea points, printing hubs, toilets etc across the business.

DVD’s available on request to colleagues.

12Strictly Confidential - Barclays Bank (c) 2007

Release – The Films

13Strictly Confidential - Barclays Bank (c) 2007

Release -Posters

14

Further Awareness Raising - Mandated Computer Based Training Package For Group Centre

Went live in September. Mandated for Group Centre

Staff. Builds on the messages

contained in the Risk Film. Interactive Takes approximately 20

minutes to complete. Used similar methodology to

deliver it. Delivered ahead of time and

in budget.

15

Further Awareness Raising - Road Shows, Delivering Group Messages

Participants:•Privacy Programme•Group Privacy•Group IRM, inc’ Grp Centre IRM•GRCB (T) – Information Security•Group Financial Crime•Wealth IRM•GRCB IM.

16

Further Awareness Raising - Privacy

17

Further Awareness Raising - Privacy

18

Further Awareness Raising - Privacy

19Strictly Confidential - Barclays Bank (c) 2007

Impact

Amazing! Not just used in Group Centre (original brief) but globally across the business.

Daily requests for copies of the DVD. Used for training. Hits on our website have seen a >10 fold increase. Colleagues view one of the modules and are drawn into to see the

other films I’m here! Thank you! Much external interest – NB we own the IP

rights! – about film and general awareness campaigns. The film is nominated for industry awards. Sadly not Oscars! Road show competition – 20% of site population entered 00’s of visitors to our stand Seeking to produce a methodology to measure understanding.

20

Impact – Recognition & Winners!

UK and Ireland Project Award Winner 2008

UK Retail Bank eChannels 27001 ISO Certification

21Strictly Confidential - Barclays Bank (c) 2007

Conclusions

It can be a dry subject. Make the delivery of messages interesting. But it’s risky.

Involve your stakeholders. Work with them. Understand what you want to say. Don’t over complicate. Identify what you want to use the messages for – Awareness

raising, training etc. Understand the delivery channels early. May affect the brief to the

production company (film) and may delay release. Work closely with the production company. Be on the set. Be

strong with them. Own the IP. Think holistically about the campaign. Launch with a bang and not a whimper. Memorable.

22Strictly Confidential - Barclays Bank (c) 2007

Questions and Contact Details

Mark Logsdon

mark.logsdon@barclays.com

+44(0) 207 116 8439