Category: News

IT Audit Checklist for Your IT Department

Published 04/02/2020

A major problem with your information technology (IT) systems can totally disrupt your business, costing you time and money while you wait for repairs. An IT audit checklist helps ensure that your IT department has the necessary tools to secure your network and avoid these expensive repairs.

What to Include in Your IT Audit Checklist

Your IT audit checklist should cover these four areas:

Physical and Logical Security

It’s important to understand the physical security your company has in place to safeguard sensitive corporate data. Therefore, your audit checklist should include whether server rooms can lock and if individuals need security badges to enter.

It’s also critical to assess your network for security vulnerabilities. This includes: Ensuring that all procedures…

Threat, Vulnerability, and Risk: What’s the Difference?

Published 03/31/2020

In casual conversation, threats, vulnerabilities, and risks are often talked about interchangeably. The reality is that the three are quite different. Threats represent something that might happen. Vulnerabilities show that systems have inherent weaknesses attackers may exploit. Risks keep business owners up at night by shining a light on potential harm inherent in running an enterprise. Cybersecurity, risk management, and security programs all revolve around helping to mitigate threats, vulnerabilities, and risks. Cybercriminals often take advantage of incomplete programs in order to successfully attack organizations.

Threat

Most organizations take action against credible threats before they happen. Natural threats can be planned for by understanding what has happened before. An example would be floods, tornados, or earthquakes.

Threat actors, on the…

What Are SOX Compliance Requirements?

Published 03/26/2020

The Sarbanes-Oxley (SOX) Act was signed into law on July 30, 2002. The law, drafted by congressmen Paul Sarbanes and Michael Oxley, aimed to improve corporate financial governance and accountability while protecting shareholders from accounting errors and fraudulent activity. The real fuel for the SOX law came from the inappropriate financial conduct of three large companies: Enron, Tyco, and WorldCom. SOX compliance impacts every public company in the United States and is the basis for financial data security. One of the largest effects that the Sarbanes-Oxley Act of 2002 had on public companies is how to store corporate electronic records. The law doesn’t necessarily dictate how the records should be stored, but it does specify what kind of records should…

IRM, ERM, and GRC: Is There a Difference?

Published 03/24/2020

Risk management has become a veritable alphabet soup. The advent of the digital age is partly to blame. Virtually every organization is “going digital,” in a growing number of areas. Retail is now “e-tail”; manufacturing plants are increasingly automated; nearly every step of the hiring and contracting process happens online, from the application process to background checks to payroll and beyond. Every connected device and network opens the business to the risk that someone will breach its systems. The danger increases that unauthorized entities might gain access to private and proprietary information, or cause a disruption of critical services, or shut the business down. As risks grow and change, so do the ways to manage them. New products, services, and…

COVID-19: Response and Preparedness through the lens of Risk Management

Published 03/23/2020

Responding to a New, Global Threat

The old adage warns “An ounce of prevention is worth a pound of cure.” The saying becomes even more pointed for threats that, unfortunately, do not yet have a cure. But the lessons of risk management offer a path forward, where prevention takes the form of avoiding, mitigating or reducing risks. As people and organizations confront COVID-19, the novel threat has inspired an array of new strategies to combat the pandemic. Social distancing, self-isolation, sheltering in place: efforts to stop COVID-19’s spread leverage risk management principles to fight a public health threat.

Applying Risk Management Principles During the COVID-19 Pandemic

Some businesses have mature risk management programs and apply their principles to any new…

Audit Checklist for Social Compliance

Published 03/19/2020

A social compliance audit, also known as a social audit, is an effective way to determine if an organization is complying with socially responsible principles. Social compliance refers to how a company protects the health and safety as well as the rights of its employees, the community, and the environment where it operates, in addition to the lives and communities of workers in its distribution chain and its supply chain. Social compliance also refers to an organization’s perspective on corporate social responsibility (CSR). Social compliance audits, which are voluntary, are typically performed by independent social compliance auditors who conduct these audits on suppliers’ external facilities, such as factories and farms. Although social compliance audits may differ slightly depending on the industry, the requirements for each social compliance audit are typically the same. When conducting a social compliance audit, an auditor follows…

How is COBIT Related to Risk Management?

Published 03/17/2020

First released in 1996, Control Objectives for Information and Related Technology (COBIT) is a framework developed by the Information Systems Audit and Control Association (ISACA) that can help you create and implement strategies around IT management and IT governance. The COBIT management framework helps you deal with the risks to enterprise IT and the impacts those risks can have on your company, business processes, and IT systems.

It’s no secret that cybercrime is increasing and hackers are always looking for new methods to infiltrate your IT systems despite whatever information security measures you have in place. That’s why risk assessment and IT risk management should be part of your organization’s information security.

Assess and manage IT risk

Assessing and managing…

Key Steps to Manage Operational Risk

Published 03/17/2020

Operational Risk Management for COVID-19

Earlier this week, we shared the Reciprocity response to COVID-19. As the seriousness of this pandemic grows, our thoughts are with all of our employees, customers, and partners who are affected. We want to reiterate that our priority is to uphold our commitment to our customers. We know that many of you are concerned about the impact on your business operations, specifically supply chain issues you might be experiencing or anticipating. Vendor risk management is central to our ZenGRC platform, and we wanted to share steps to manage operational risk in light of COVID-19.

“Pandemic” is a term that is documented in the threat catalogs of nearly every organization’s third-party risk management program. With the…

Reciprocity’s Response to COVID-19

Published 03/16/2020

With the recent global pandemic of COVID-19, Reciprocity is taking appropriate actions to continue business and platform operations maintaining our uptime SLA. Reciprocity staff is a global team located across the U.S., Europe, and Argentina with a majority of our team already working remotely prior to this pandemic. We have taken additional measures to ensure our engineering and support staff continue to meet our customers’ needs. Along with CDC guidance, all company travel has been suspended. Any planned onsite work will be postponed until further notice and all support will be conducted remotely. We have implemented additional training and monitoring to ensure that all of our customers see no drop from the high level of support and service we always…

Inherent Risk in the Retail Industry: What You Should Know

Published 03/12/2020

The retail industry is undergoing an incredible transformation as emerging technologies, omnichannel shopping, as well as digital and social media, compel organizations to figure out how to operate more efficiently and better accommodate customers.  Leaders of companies in the retail industry understand the importance of the digital forces at work in the sector and are looking more closely at the inherent risks these digital forces present.  Every business comes with inherent risks, and running an e-commerce website or retail store isn’t any different. As more consumers shop online, e-commerce crimes are increasing and retailers are becoming more vulnerable. Consequently, as organizations in the retail industry develop innovative ways to meet consumer demand, they also have to find better approaches for…