ZenGRC has new audit functionality and redesigned emails!


In ZenGRC version 1.95.1.2, we’ve re-imagined the audit module with deeper, more practical functionality.
Keep track of test plans
We now allow you to assess controls based on their test plan, and create both requests and issues based off these investigations. When creating and updating controls, you’ll notice a new stock attribute, called Test Plan. This field is important because it gets pulled into control assessment in the Audit module when you are ready to create an Audit.
Remediate test plan results
If you open the Audit module and LHN (left hand navigation), you’ll notice 2 new objects: Control assessments and Issues. Control assessments can be generated in an Audit based off in-scope controls that are mapped to any given program. “In-scope controls”…


5 Things to Know as You Prepare for a Compliance Audit


This post was originally published on SmartDataCollective. For most cloud service providers, a compliance audit is, at best, a necessary evil — the root canal of the business world. Like a root canal, it can be a painful process that you regret about halfway through, even if you know it’s good for you. But just as you can avoid root canals with proper dental hygiene and regular checkups, the pain of compliance audits can be avoided with proper preparation. You need to see compliance audits as an integral part of your company culture that help maintain standards over each internal control, rather than as an annual nuisance that…


Sourcing Responsibility to Vendors Could Be Your Biggest Mistake


This post was originally published on SCORE. In a recent survey, the Institute of Internal Auditors Research Foundation found that third-party vendors play an important role in about two-thirds of businesses across the country. For small businesses especially, this business practice has become the norm, and for good reason. Vendors can cut costs and increase the efficiency of your company significantly, giving you the freedom to focus on what you do best at the lowest possible cost. Still, this trend comes with its own set of drawbacks. In particular, companies have begun to confuse the outsourcing of business processes with the outsourcing of responsibility. As a result, they’ve created massive security vulnerabilities. In fact, the same IIA survey found that third-party…


5 Steps to Build Processes that Safeguard your Most Sensitive Data


This post was originally posted on SMB CEO. It seems like major corporate data breaches have become all too common. In fact, they’ve become so common that you might have become immune to such news. If you own or run a small business, you might think protecting sensitive data is not something you have to worry about. But you’d be surprised by the amount of information you collect and need to protect. From credit card numbers and addresses to phone numbers and financial and medical information, it starts to add up pretty quickly. That’s why you need to establish processes for handling sensitive information. Of course, creating solid processes for handling data is common in the corporate world, but oftentimes,…

The Rise of GRC is caused by the Rise of the Cloud


The new generation of companies (like Twitter and Uber) go from zero dollars to billions in five years, not 50. Enterprise software startups land bigger deals, faster, because they are more agile than 20 years ago, and they deliver their offerings via the cloud. All of them are getting hit with risk and compliance issues much earlier in the life of their companies. Why? 20 years ago, when a vendor sold software, they would give the customer a CD, and nobody cared about the vendor’s internal house. Things were easy; nobody cared much about compliance. But 10-15 years ago the cloud started to rise. The world shifted to subscription models and logins, and suddenly enterprise customers started to care about…


Selecting the Right Service Organization Control Report for Outsourced Operations


This post was originally published on BusinessTips.com. Joe from the marketing department could lose his documents if your outsourced infrastructure isn’t secure. That might not seem like the end of the world (unless you’re Joe), but if a bank’s website goes down, the bank loses money. To help protect you from this situation, the American Institute of CPAs established Service Organization Control reports. While addressing these requirements can be tedious, these reports ensure that service organizations are keeping a close eye on businesses’ information. These reports provide a standardized way to evaluate and report on internal controls at service organizations. But understanding which SOC report is best for your business can be complicated if you’re not fully informed. Increased Outsourcing…


ZenGRC has a new dashboard, custom attributes, and more!

ZenGRC April '15 release- ZenGRC dashboard

ZenGRC’s latest release comes with several new feature updates.
New look and feel with the quick start dashboard. New dashboard shows workflow status, my tasks, and my requests. It also allows you to create and search for new objects easily.
New left hand navigation – click on the menu button (3 lines) to expand or hide:
Custom attributes for any object – Open the Admin dashboard to add custom fields for any objects. To import controls with custom attributes, just add the attribute title as a new column in the import template.
Object filter – need to sort through hundreds of objects? Type in a keyword to narrow down the list.
Show/hide horizontal navigation menu button (found near top right of screen):…


How FedRAMP Compliance Can Give You a Competitive Edge


This post was originally published on Cloud Computing Journal. When describing cloud computing, terms like highly scalable, efficient, and on-demand probably come to mind. Unfortunately, those same descriptors aren’t commonly associated with operations in the federal government. In 2010, the White House’s Office of Management and Budget set out to change that with the Cloud First Policy. Through cloud computing, the OMB aimed to help federal agencies consolidate and provide new services cheaper and faster. But with cloud adoption comes the heightened challenge of ensuring a secure and trustworthy environment. That’s where FedRAMP comes in. FedRAMP defines the requirements for cloud service providers’ security controls, including vulnerability scanning, incident monitoring, logging, and reporting. CSPs in use at federal agencies or…


5 tips to implement Agile Compliance


Agile companies do things faster. You must be agile yourself, and that means running your compliance effort in an agile way. About ten years ago, the software development industry moved towards rapid iteration, quick improvements, and moving faster. Agile Development has become ubiquitous, particularly in startups. Over the last few years, these agile concepts moved from software development to startup business processes in the “Lean Startup” model: all about quick wins, ruthless prioritization, external focus, and continuous improvement. Fast-growing billion-dollar startups fear that they won’t be able to stay agile, and large companies need to become more agile to compete with them. Much of that fear comes from their perspective that things like compliance will slow them down. But this doesn’t have…


Welcome to the Zen of GRC


Welcome to the Zen of GRC – a new voice in the world of governance, risk management, audits, and compliance. For many companies, the challenges of compliance can be at odds with innovation. They spend valuable time and resources struggling with a compliance burden that is growing in both complexity and size. Yesterday’s approach of disjointed spreadsheets, emails, documents, and manual processes stifles innovation rather than supporting it. But when companies are growing from zero to billions in no time flat, it’s all the more important that they govern their compliance requirements effectively in order to scale properly. Every company, from the smallest startup to a giant corporation, must find an agile way to deal with their compliance needs. That is…
