The Regulatory Burden

The media sector today is a cacophonous place. Barriers to entry are low (a website, a clever headline and a dream), so media outlets must work insatiably to build total audience and engagement with audience members.

Media outlets must also be nimble, able to push new content via new platforms as they arise on social media: from written essay, to photomontage, to YouTube video, to Twitter chat. Then the outlet must capture data about who interacts with what content, to what extent, and analyze that information to develop revenue strategies.

Media companies can encounter significant regulatory burdens as they go about the business of collecting data on customers and their behavior. Consider some of the data they are likely to collect from website visitors:

  • Name
  • Credit card
  • Address
  • Age
  • Location
  • Social media profiles

Much of that data can be subject to protection under multiple laws that reach across various jurisdictions. A U.S. media outlet, for example, might be subject to the General Data Protection Regulation (GDPR) if it sells goods to EU citizens. Any data collected about minors requires parental consent. Credit card data is protected by federal law.

A critical question is whether the data collected can identify a specific person; even something as simple as a photo submitted in a “Cute Baby of the Week” contest can bring multiple compliance risks.

Compliance Objectives

As media companies build their business based on one or more cloud-based services, compliance obligations start to add up. Media outlets can work with multiple frameworks to achieve those objectives. Credit cards can be secured with the PCI DSS framework. The NIST security protocols can govern other sensitive data. Tracking risk assessments, gap analyses and remediation efforts across multiple frameworks, however, can be daunting.

  • Assess vulnerabilities in the network and application layers.
  • Study data collection practices for non-compliant behaviors (say, failure to secure consent for collecting social media profiles).
  • Remediate weaknesses, either through security patches to software or through changes to data collection practices.
  • Map progress on those remediation efforts.
  • Be prepared to report those risk assessments and remediations to other parties as necessary.
  • Diagnose breaches when they happen, with disclosure according to breach notification laws.