The Cyber Regulations are Coming. Get Your 2017 Budget Ready Now.

Published 10/27/2016

Read the news and chances are you’ll see yet another report of a major cybersecurity breach. Big brands and small companies alike, none are immune. So it came as little surprise to see a recent article in Fortune reporting on new cybersecurity regulations for companies in the financial industry from the State of New York. In essence the rules will hold financial firms accountable for preventing cyberattacks by requiring them to encrypt sensitive data and appoint CISOs. What’s more, they require senior executives to sign off on cyber-compliance. The rules go into effect in 2017. And while they apply only to financial firms licensed by the State of New York, given the sheer number of financial companies in the state,…

When to Implement a GRC Tool? – An Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Published 10/24/2016

In our last blog post, we shared the many business benefits of switching to an all-in-one compliance tool. But while the benefits of a GRC software solution are clear, a lot of businesses get hung up on timing, asking when is the right time to implement a GRC tool? Below are three common reasons why businesses put off implementing GRC tools, and responses to why these scenarios are actually the perfect time to get started. “We’re doing just fine using spreadsheets.” Research shows that almost 90% of all spreadsheets have errors. When you talk about the data in your compliance program, a 90% error rate, in most industries, is going to be completely unacceptable. The underlying cause is due to…


Smarter Compliance, Less Risk – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Published 10/19/2016

Wondering how a GRC software tool can impact your business? Check out another excerpt from our Governance, Risk Management, and Compliance Software Buyer’s Guide to learn about the benefits of implementing an all-in-one GRC tool. Smarter Compliance, Less Risk Take a look at how an all-in-one tool can reduce your risk of non-compliance while decreasing costs and maximizing revenue, streamlining your audit, and improving accountability. Increase Productivity A GRC tool significantly lowers costs associated with managing compliance programs. First, a GRC tool will streamline and eliminate manual processes and allow teams to more easily become and stay compliant. Second, you will be able to utilize a GRC tool as your single source of truth for everything related to your…


What is GRC – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Published 10/10/2016

Over the next few weeks we will be bringing you excerpts from our new Governance, Risk Management and Compliance Software Buyer’s Guide – A CISO & Compliance Team’s Guide to Purchasing GRC Software. Please enjoy the excerpt from Chapter 1: What is Governance, Risk Management and Compliance (GRC)? Governance, Risk Management, and Compliance, or GRC, is a broad term that covers a company’s approach to and strategy for managing its internal governance, risk, and compliance activities. Governance comprises the rules, structures, and accountability within the company, whether to internal requirements or those imposed from outside. Compliance includes the processes for implementing and reporting the company’s adherence to external requirements, including industry, governmental, and voluntary standards. Risk management ties the entire…


Cut Through Complexity with Consolidated Objectives

Published 09/12/2016

Compliance is complex stuff. No matter your organization size or industry, chances are you’re wrestling with the challenge of complying with a growing number of regulations. Unfortunately, the burden to manage your compliance and penalties for not being compliant only increases as your business expands. The reality is that requirements and controls in various regulatory frameworks often overlap, and differing schedules for updates or changes to these frameworks can result in a lot of duplicative work and wasted resources for your compliance team. Automated tools can make managing your compliance program a less daunting task, but one of the best ways to simplify your compliance program is to implement consolidated objectives. Simply put, consolidated objectives are common requirements across regulatory…

What you need to know about the AICPA’s SOC 2 Content Update

Published 08/19/2016

The American Institute of Certified Public Accountants recently updated the criteria for the Trust Services Principles (TSP) related to security, availability, processing integrity, and confidentiality (most commonly reported out using SOC 2 and SOC 3). AICPA Assurance Services Executive Committee (ASEC) published the updated TSP in their latest guidance (note: the documentation is available for purchase, but the content is available as part of a ZenGRC subscription). Reporting periods ending on or after December 15, 2016 will be required to use the updated guidance, though early implementation is permitted. The revisions look to further clarify the criteria and eliminate redundancy—continuing the changes made in late 2014—and reflect how rapidly the technology and business environments are changing. What exactly is changing?…


ZenGRC v2.4 Release Features New Audit and Evidence Request Dashboards, and More

Published 08/16/2016

Our latest ZenGRC product release continues to deliver improvements designed to simplify the management of your compliance program. New capabilities now available in v2.4 include: Audit Dashboard Running audits requires a lot of work. Due to a large amount of evidence and correspondence, audits are difficult to project manage and even more difficult to report on. We are pleased to announce our new Audit Dashboard that addresses these hardships. Our goal with this dashboard is to give a compliance team the ability to project manage and report on an audit. It fulfills 3 main functions: Visibility into Audit Posture: How effective are my controls testing? Visibility into Audit Progress: How close am I to completing assigned objects? Project Management capability,…

5 Tips to Prepare For Your First External Audit

Published 08/09/2016

Every external audit is different, depending on the scope and the standard against which you will be audited. There are a few key actions that can help you successfully prepare for your first external audit and achieve a favorable outcome. Here are five management tips to help you prepare for an external audit. Understand the standard. An audit is a compliance report based on an external standard. Take the time to read and understand the standard you will be compared to. This is critical to understand the approach the external auditors will take. Moreover, it will help you avoid taking unnecessary actions by revisiting topics outside the audit’s scope. Also, having a general understanding can help you manage the external…


“Competent Compliance” Webinar Recording Now Available, Learn How to Move Beyond Spreadsheets

Published 08/02/2016

Last week, Reciprocity’s resident GRC expert, Aaron Kraus, hosted a webinar along with Tim Schmutzler, who heads up the GRC practice at OneGlobe. In the webinar, titled “Competent Compliance: 3 Ways to Move Beyond Spreadsheets,” Aaron and Tim talked about how to overcome the early hazards of running a compliance program, the pitfalls of Microsoft Excel as a compliance tool, and when and how to move to a cloud-based GRC tool. Some key highlights from the discussion: Every compliance program will eventually outgrow Excel. While Excel has many strengths, it wasn’t meant to manage compliance initiatives. As your program grows in scope and complexity, your manual, spreadsheet-based system will become unmanageable. You CAN manage your compliance program more efficiently with these three easy…


Join Our Live Webinar – Competent Compliance: 3 Ways to Move Beyond Spreadsheets

Published 07/26/2016

Some companies can get away with using an Excel spreadsheet to track simple compliance requirements. While Microsoft Excel is flexible and powerful, it’s not designed to track compliance initiatives. As organizations mature, companies move away from Excel and towards a compliance software solution. And knowing when you need to make the leap to a more sophisticated compliance management process and comprehensive GRC tools can make a huge difference in terms of audit costs and a pass or fail outcome. What are the signs that using spreadsheets to track your compliance program has become totally impractical? And how do you know when you’ve outgrown Excel? Join Aaron Kraus, Head of GRC Services for Reciprocity, and Timothy Schmutzler, Global Practice Director at…
