Out of Order: 5 Compliance Projects Gone Terribly Wrong

Written by - May 26, 2017

No one wants to admit that compliance can go horribly wrong, but it does happen. If you’re worried about how to handle a problem, Reciprocity’s seasoned GRC experts can assure you they’ve seen it all. In this webinar, Matt Kelly, Editor of Radical Compliance talks with our own Aaron Kraus, Dave Schmoeller, and Dave Driggers as they share their stories of working on implementation projects, how projects can detour, and what compliance executives should focus on during GRC implementation. Aaron Kraus Reciprocity’s director of GRC security has consulted in every field necessary including government, financial services, and healthcare in a variety of roles including designing, implementing, and auditing. He’s also experienced in teaching CISSP exam preparation, Mac OSX, Microsoft SharePoint,…

Infosec Standards and Regulations: A Primer Sorting Compliance By Hogwarts House

Written by - May 23, 2017
Infosec Standards and Regulations

Infoc standards and regulations being sorted into Hogwarts houses seems silly, but it helps organize the way we think of them.

The Fine Art of Scoping a SOC 2 Audit

Written by - May 16, 2017
SOC 2 Audit

Once upon a time, performing a SOC 2 audit was a rite of passage for service companies: “Wow, we’re so successful now that big clients want us to do important things, and we need a SOC 2 audit to prove our street cred!” Times have changed. In today’s cybersecurity world, the SOC 2 audit is more like a fact of life: “Yikes, if we can’t pass a SOC 2 audit to document our security controls, nobody will give us the time of day.” That’s no easy task for a small firm, and setting the scope of your SOC 2 audit correctly is crucial. Define the scope too narrowly, and you might not give the assurance your customers will want—prompting more…

Tags: , ,
Categorized in:

Sarbanes-Oxley Act IT Primer: Everything You Need to Know

Written by - April 27, 2017

The Sarbanes-Oxley Act of 2002, more commonly referred to as SOX, is a law that implements regulations on publicly traded companies. In 2002, the US Congress passed the Sarbanes-Oxley Act after a series of public scandals by large corporations such as Enron Corporation, Tyco International PLC, and WorldCom that led to a stock market plummet only a few months before the 2002 elections. The legislation intended to quell public fears of corporate misconduct and to require greater accountability by management and Boards of Directors when reporting financial data. However, Sarbanes-Oxley turned into a larger and more complex piece of legislation than originally planned. The Major Provisions of Sarbanes-Oxley The Sarbanes-Oxley Act presented five main provisions. First, it created the Public Company Accounting Oversight Board (PCAOB) and…