Media

As a cloud-based solution, ZenGRC deploys simply and quickly (six to eight weeks) even across a large media enterprise. It also provides a unified platform to manage controls across multiple frameworks, and a dashboard that lets CISOs monitor key performance indicators for compliance and IT security efforts.

GET A DEMO
Media

The regulatory burden

The media sector today is a cacophonous place. Barriers to entry are low (a website, a clever headline, and a dream), so media outlets must work insatiably to build total audience and engagement with audience members.

Media outlets must also be nimble, able to push new content via new platforms as they arise on social media: from written essay, to photo montage, to YouTube video, to Twitter chat. Then the outlet must capture data about who interacts with what content, to what extent, and analyze that information to develop revenue strategies.

Media companies can encounter significant regulatory burdens as they go about the business of collecting data on customers and their behavior. Consider some of the data they are likely to collect from website visitors:

  • Name
  • Credit card
  • Address
  • Age
  • Location
  • Social media profiles

 

Much of that data can be subject to protection from multiple laws, that can reach across multiple jurisdictions. A U.S. media outlet, for example, might be subject to Global Data Protection Regulation if it sells goods to EU citizens. Any data collected about minors requires parental consent. Credit card data is protected by federal law.

A critical question is whether the data collected can identify a specific person; even something as simple as a photo submitted in a “Cute Baby of the Week” contest can bring multiple compliance risks.

The compliance objectives:

The compliance objectives:

As media companies build their business based on one or more cloud-based services, compliance obligations start to add up. Media outlets can work with multiple frameworks to achieve those objectives. Credit cards can be secured with the PCI DSS framework. Other sensitive data can be governed by the NIST security protocols. Tracking risk assessments, gap analyses, and remediation efforts across multiple frameworks, however, can be daunting.

Assess vulnerabilities in the network and application layers

Study data collection practices for non-compliant behaviors (say, failure to secure consent for collecting social media profiles)

Remediate weaknesses, either through security patches to software or through changes to data collection practices

Map progress on those remediation efforts

Be prepared to report those risk assessments and remediations to other parties as necessary

Diagnosis of breaches when they happen, with disclosure according to breach notification laws

Click on one of the tabs to learn more about ZenGRC's compliance, risk or reporting features.


Centralized Dashboard

Program Progress

Control Completion

ISO audit dashboard

Risk Assessment

Unified Control Management

Map Controls Across Frameworks

ZenGRC risk dashboard

System of record

Streamlined Workflow

Continuous System Monitoring

What can ZenGRC do for you?

As a cloud-based solution, ZenGRC deploys simply and quickly (less than eight weeks) even across a large enterprise. It also provides a unified platform to manage controls across multiple frameworks, and a dashboard that lets CISOs monitor key performance indicators for compliance and IT security efforts.

Even at smaller media related businesses without existing compliance programs, ZenGRC allows you to collect data in a central repository, which in turn gives you more visibility into what your control framework demands and how to move forward with testing, audits, and reports to share with other stakeholders.

Learn More