Get a Demo

The Regulatory Burden

Oil and gas facilities are governed by numerous national security regulations because they qualify as critical infrastructure.

Moreover, the design of drilling facilities has become enormously complicated, with industrial controls and Internet-enabled systems intersecting. That gives rise to many more possible attack points that must be secured and monitored at all times.

Under the Pipeline Security Guidelines, developed and managed by the Transportation Security Guidelines, oil & gas concerns must inventory their operating technologies (defined as systems that control and monitor physical equipment). All cyber-enabled “OT” is deemed critical infrastructure by the Department of Homeland Security and therefore should implement the NIST Cybersecurity Framework for Critical Infrastructure.

As employers, oil and gas companies also have all the usual regulatory obligations around personal data (HIPAA, Gramm-Leach-Bliley, GDPR). Plus security risks for corporate financial and operational data not related to pipeline operations (intellectual property, for example).

Compliance Objectives

Both the pipeline industry guidelines and the NIST critical infrastructure guidance include steps such as risk assessment, response planning, mitigation, training and protective technology to keep essential assets as far away from threats as possible.

For security officers building a compliance strategy, those obligations translate into several practical steps that a compliance management system will need to do:

  • Inventory all the systems that control physical assets and their connectivity to the rest of the IT infrastructure.
  • Assess the starting security posture of their own systems and any third parties they use.
  • Identify security gaps they must fill to meet regulatory requirements.
  • Establish mitigation steps that might be necessary and assign them to control owners.
  • Monitor usage of IT services to see whether new third parties are on the network.
  • Conduct any news risk assessments might be necessary as new regulations emerge.
Slider Image

Ebooks

March 25, 2019

Reduce PCI DSS Scoping — and Risk

Read Ebook
Slider Image

Guides

April 20, 2021

5 Steps to CMMC Readiness

Read Guide
April 16, 2021

Get Set for CMMC Success

Read Guide
April 3, 2020

Response and Preparedness for COVID-19

Read Guide
March 17, 2020

Operational Risk Management

Read Guide
March 17, 2020

Business Continuity Checklist for Planning and Implementation

Read Guide
March 17, 2020

Business Continuity vs Disaster Recovery: Whats the Difference

Read Guide
March 17, 2020

Why you need a vendor risk management policy

Read Guide
March 17, 2020

Best Practices in Cyber Supply Chain Risk Management

Read Guide
March 17, 2020

How Effective Vendor Risk Management Can Drive Your Business Forward

Read Guide
March 17, 2020

Proactive vs. Reactive Risk Management Strategies

Read Guide
March 17, 2020

InfoSec as Business Continuity

Read Guide
March 17, 2020

How to Manage Technological Risks?

Read Guide
March 17, 2020

What is Supply Chain Compliance?

Read Guide
March 17, 2020

What is the Primary Objective of Data Security Controls?

Read Guide
December 16, 2019

Guide to COSO Framework and Compliance

Read Guide
December 9, 2019

California Consumer Privacy Act (CCPA) Compliance Guide

Read Guide
June 28, 2019

Preparing for a HITRUST audit – A Step by Step Guide – Part 1

Read Guide
June 28, 2019

Preparing for a NIST Audit: A Step-by-Step Guide

Read Guide
May 10, 2019

Preparing for a SOX Audit Using COSO

Read Guide
Slider Image

Webinars

July 21, 2020

CCPA Enforcement Alert: What To Do NOW To Avoid Penalties

Watch Webinar
June 25, 2020

How To Prepare For A CCPA Audit

Watch Webinar
Slider Image

Articles

June 16, 2021

5 Tips To Prepare For Your External Audit

Read Article
June 14, 2021

Effective Social Media Risk Management

Read Article
June 14, 2021

Password Management Risks: Protect Your Castle

Read Article
June 10, 2021

Effective Workflow For Your Audit Management Process

Read Article
June 8, 2021

What are the Elements of an Integrated Risk Management System?

Read Article
June 7, 2021

Cloud Security vs. Traditional Security

Read Article
June 1, 2021

Applying Big Data to Risk Management

Read Article
May 31, 2021

CCPA vs. GDPR: Compliance Comparison

Read Article
May 31, 2021

6 Steps to Performing a Cybersecurity Risk Assessment

Read Article
May 26, 2021

What is an IT Security Audit?

Read Article
May 26, 2021

How to Protect Your Data From Ransomware

Read Article
May 21, 2021

Continuous Auditing vs. Continuous Monitoring

Read Article
May 10, 2021

Proactive vs. Reactive Risk Management Strategies

Read Article
March 10, 2021

Security Awareness: 5 Ways to Educate Your Employees

Read Article
March 1, 2021

How to Conduct a Vulnerability Assessment

Read Article
February 19, 2021

What Is A Compliance Manager’s Role? | Reciprocity

Read Article
February 10, 2021

Cost of Compliance

Read Article
January 25, 2021

Tips and Strategies for Risk Mitigation in Project Management

Read Article
January 19, 2021

Risk Assessment Methodology for Information Security

Read Article
January 18, 2021

Bring Your Own Device Policy Best Practices

Read Article
January 6, 2021

SSAE 18 Requirements

Read Article
January 4, 2021

What Does a Compliance Management System Look Like?

Read Article
January 4, 2021

User Behavior Analysis 101

Read Article
November 7, 2020

November 2020: Compliance Certification Roundup

Read Article
October 13, 2020

October 2020: Compliance Certification Roundup

Read Article
September 1, 2020

September 2020: Compliance Certification Roundup

Read Article
August 20, 2020

August 2020: Compliance Certification Roundup

Read Article
August 4, 2020

Network Security Audit Checklist

Read Article
June 18, 2020

How to Adjust Business Continuity Plans for COVID-19

Read Article
June 9, 2020

June 2020: Compliance Certification Roundup

Read Article
June 4, 2020

How the COSO Framework Helps You Comply with SOX

Read Article
May 28, 2020

5 Strategies to Mitigate Business Risk During Coronavirus

Read Article
May 26, 2020

Cybersecurity Hygiene Best Practices During COVID-19 and Beyond

Read Article
May 25, 2020

May 2020: Compliance Certification Roundup

Read Article
May 21, 2020

COVID-19: Importance of Ethical Leadership During a Crisis

Read Article
May 20, 2020

COVID-19: User Access Management Best Practices

Read Article
May 14, 2020

What is Compliance Oversight?

Read Article
May 12, 2020

11 Proven Risk Mitigation Strategies

Read Article
May 8, 2020

How to Comply with GDPR

Read Article
May 7, 2020

Risk Management Process

Read Article
May 6, 2020

Coronavirus-Themed Cyberattacks To Watch Out For

Read Article
May 5, 2020

Tips for Managing Third-Party Risk in Health Care

Read Article
May 4, 2020

7 Pandemic Risk Management Tips to Implement Now

Read Article
May 1, 2020

How Nevada’s SB220 Compares to CCPA

Read Article
April 30, 2020

The Difference Between Vulnerability Assessment and Vulnerability Management

Read Article
April 29, 2020

What Compliance Lessons Can We Learn From Past Pandemics?

Read Article
April 28, 2020

FCPA compliance checklist

Read Article
April 21, 2020

How to Prevent Third-Party Vendor Data Breaches

Read Article
April 17, 2020

COVID-19 Compliance Considerations for Remote Employees

Read Article
April 14, 2020

Pros and Cons of the FAIR Framework

Read Article
April 7, 2020

What is a Vulnerability Management Program?

Read Article
April 2, 2020

IT Audit Checklist for Your IT Department

Read Article
March 31, 2020

Threat, Vulnerability, and Risk: What’s the Difference?

Read Article
March 26, 2020

What Are SOX Compliance Requirements?

Read Article
March 24, 2020

IRM, ERM, and GRC: Is There a Difference?

Read Article
March 23, 2020

COVID-19: Response and Preparedness through the lens of Risk Management

Read Article
March 19, 2020

Audit Checklist for Social Compliance

Read Article
March 17, 2020

How is COBIT Related to Risk Management?

Read Article
March 17, 2020

Key Steps to Manage Operational Risk

Read Article
March 16, 2020

Reciprocity’s Response to COVID-19

Read Article
February 27, 2020

Inherent Risk vs. Control Risk: What’s the Difference?

Read Article
February 25, 2020

CCPA Compliance Checklist

Read Article
February 18, 2020

Why You Need a Vendor Risk Management Policy

Read Article
February 13, 2020

CCPA Exemptions: The California Consumer Privacy Act and the Gramm-Leach-Bliley Act

Read Article
February 11, 2020

Best Practices in Cyber Supply Chain Risk Management

Read Article
February 10, 2020

Proactive vs Reactive Risk Management Strategies

Read Article
February 6, 2020

The Difference Between Strategic and Operational Risk

Read Article
February 5, 2020

The Debut of Advanced ZenGRC Risk Management

Read Article
January 8, 2020

Top 5 Predictions for InfoSec GRC in 2020

Read Article
December 31, 2019

Business Continuity Checklist for Planning and Implementation

Read Article
December 19, 2019

Cybersecurity Audit Checklist

Read Article
December 6, 2019

Key Takeaways from the CCPA Audit Webinar with Dr. Maxine Henry

Read Article
December 5, 2019

The Differences Between SOX 302 and 404 Requirements

Read Article
December 3, 2019

How to Map PCI DSS to the NIST Cybersecurity Framework

Read Article
September 19, 2019

Sox Management Review Controls

Read Article
August 16, 2019

ZenGage #AMA Series with Dr. Maxine Henry on the CCPA

Read Article
June 10, 2019

How to Manage Technological Risks?

Read Article
May 9, 2019

What are Internal Control Weaknesses?

Read Article
April 23, 2019

What You Need to Know About California’s New Data Protection Law

Read Article
April 18, 2019

Workflow Automation For Compliance

Read Article
April 16, 2019

How to Audit Governance

Read Article
April 4, 2019

The Responsibilities of a Compliance Manager

Read Article
April 2, 2019

How to Build a Compliance Program

Read Article
March 28, 2019

Audit Performance Metrics: Measuring Internal Audit Performance

Read Article
March 26, 2019

How to Improve Compliance in a Company

Read Article
March 20, 2019

Big Data in Auditing and Analytics

Read Article
March 19, 2019

What is the Primary Objective of Data Security Controls?

Read Article
March 12, 2019

Student Data Privacy Laws by State

Read Article
March 5, 2019

Understanding the CCPA Compliance Requirements

Read Article
February 28, 2019

Understanding the Types of Risk in the Oil & Gas Industry

Read Article
February 26, 2019

What is Supply Chain Compliance?

Read Article
February 7, 2019

Risk Mitigation in Software Engineering

Read Article
January 31, 2019

What Does a Compliance Manager Do?

Read Article
January 22, 2019

Important KPIs for Successful Vendor Management

Read Article
January 17, 2019

How To Get Compliant and Stay Agile

Read Article
January 15, 2019

GDPR Requirements for Cookie Policies

Read Article
January 8, 2019

eBook: Compliance Management Best Practices

Read Article
December 27, 2018

What is Vendor Risk Management (VRM)? The Definitive Guide

Read Article
December 20, 2018

Risk Appetite vs Risk Tolerance

Read Article
December 13, 2018

How Effective Vendor Risk Management Can Drive Your Business Forward

Read Article
December 6, 2018

A Compliance Tracking Tool Roadmap

Read Article
November 29, 2018

GRC Management Software Buyer’s Guide

Read Article
November 27, 2018

What is a Risk Management Plan?

Read Article
November 20, 2018

Third Party Vendor Management Audit Program

Read Article
November 13, 2018

Risk Assessment vs Risk Analysis

Read Article
November 6, 2018

Audit Requirements for Private Companies in the United States

Read Article
November 1, 2018

How to Monitor Compliance?

Read Article
October 30, 2018

Risk Prioritization in Project Management

Read Article
October 25, 2018

What is Records Management & Compliance?

Read Article
October 23, 2018

Data Analytics Strategy For Internal Audit Effectiveness

Read Article
October 16, 2018

How Technology Helps You Better Manage Compliance

Read Article
October 11, 2018

The Difference Between Business Continuity and Disaster Recovery

Read Article
October 4, 2018

Third-Party Due Diligence Best Practices

Read Article
September 27, 2018

Vendor Management Workflow for Vendor Risk Assessments

Read Article
September 26, 2018

How to Reduce Operational Risk in Banking

Read Article
September 20, 2018

KPI’s For Measuring Compliance Effectiveness

Read Article
September 11, 2018

How Connected Data is Transforming Risk Management

Read Article
September 6, 2018

What is Continuous Auditing?

Read Article
August 28, 2018

Top Issues Facing Compliance Managers in the Oil & Gas Industry

Read Article
August 16, 2018

Audit Log Best Practices For Information Security

Read Article
August 14, 2018

Continuous Monitoring for Real Time Compliance

Read Article
August 8, 2018

The Road to Continuous Compliance

Read Article
August 7, 2018

How Big Data Analysis Helps Compliance & Business Leaders Make Better Decisions

Read Article
August 2, 2018

What is the CISO’s Role in Risk Management?

Read Article
July 23, 2018

How Vendor Risk Management Can Impact Your GDPR Compliance

Read Article
July 10, 2018

How Can RMIS Support Risk Management?

Read Article
July 3, 2018

A Plan To Help You Successfully Manage Your Vendors

Read Article
June 21, 2018

Who’s really responsible for third-party vendor breaches

Read Article
June 14, 2018

The most important part of GDPR compliance

Read Article
June 12, 2018

Internal Controls & Fraud Prevention

Read Article
June 5, 2018

5 Steps to GDPR Compliance

Read Article
May 28, 2018

The real reason you should fear the GDPR deadline

Read Article
May 24, 2018

Key Steps To Becoming NIST Compliant | Reciprocity

Read Article
May 15, 2018

What you should know about Secure Controls Framework (SCF)

Read Article
May 3, 2018

COSO ERM vs ISO 31000

Read Article
May 1, 2018

What Are The Differences Between COBIT & COSO

Read Article
April 17, 2018

An Automated Approach To IT GRC Management

Read Article
April 10, 2018

An Automated Approach To SOX Testing

Read Article
March 27, 2018

5 Enterprise Risk Management (ERM) Steps

Read Article
March 20, 2018

5 Steps To Developing A Corporate Compliance Program

Read Article
March 19, 2018

Here’s what GDPR means for your business

Read Article
March 13, 2018

What Is Enterprise Risk Management & Its Importance

Read Article
March 1, 2018

Here’s Why Regulatory Compliance Is Important

Read Article
February 20, 2018

Security Awareness Training: Empower Employees

Read Article
February 6, 2018

Internal Controls: What Are They & Why You Should Care

Read Article
December 12, 2017

Choosing a Governance Risk and Compliance Tool: Constant Vigilance

Read Article
November 30, 2017

Cybersecurity Dangers of Repealing Net Neutrality

Read Article
October 31, 2017

Compliance Offers Internal Stakeholder Value: Automation as Transmogrifier

Read Article
October 26, 2017

Risk Management Automation and Customer Engagement: Rupees in the Grass

Read Article
October 19, 2017

Third Party Risk Management Automation: Compliance’s Evite

Read Article
October 12, 2017

Challenges of Compliance Management: Automation to the Rescue

Read Article
October 10, 2017

7 Challenges of Being an IT Compliance Manager: Automation Makes You an American Ninja Warrior

Read Article
October 5, 2017

Cybersecurity Awareness Training Game to Celebrate Cybersecurity Awareness Month

Read Article
September 13, 2017

5 Compliance Lessons Learned from the Equifax Breach

Read Article
September 12, 2017

Protecting Your Corporate Website as an Enterprise Risk Management Strategy

Read Article
August 31, 2017

Compliance Reporting Metrics: Moving Away from Emojis

Read Article
August 29, 2017

Segregation of Duties in IT: Ya Gotta Keep ‘Em Separated

Read Article
August 8, 2017

Follow the Data: 9 Strategies to Managing Third Party Risk

Read Article
August 3, 2017

Defcon 2017 Roundup: 7 Lessons for Information Security Professionals

Read Article
July 27, 2017

Why Buying SaaS GRC Software Is a Smart Investment

Read Article
July 27, 2017

Automating NIST Cybersecurity Framework Control Info

Read Article
July 25, 2017

Third Party Security Risk: Don’t Let Friends Become Gate Crashers

Read Article
July 18, 2017

Cybersecurity Management and GRC Automation

Read Article
June 29, 2017

The Cybersecurity Executive Order: What You Need To Know and Why

Read Article
June 27, 2017

Hidden Cost of Cyberattacks: What Automation Can Do to Save You Money

Read Article
June 22, 2017

How Today’s Credit Card Controls Evolved from a Lost Wallet

Read Article
June 22, 2017

Vetting Vendors: You Are Not the Weakest Link

Read Article
June 15, 2017

GDPR Compliance: An Introduction to the Legislation (Part 2 of 2)

Read Article
June 8, 2017

Cloud Security Compliance: 11 Steps on the Stairway to Cloud Services Heaven

Read Article
June 2, 2017

Legal Liability in Information Security: How Compliance Can Be Used to Protect Assets

Read Article
May 26, 2017

Out of Order: 5 Compliance Projects Gone Terribly Wrong

Read Article
May 25, 2017

6 Ways Sox Compliance Benefits An Organization

Read Article
May 18, 2017

Infosec Compliance Awareness Saves Lives from Wannacrys

Read Article
May 9, 2017

How to Become a Successful CISO

Read Article
May 2, 2017

Audit Mindset: Technology Drives Shift in Audit Values

Read Article
April 27, 2017

Understanding SOX Requirements & The Sarbanes-Oxley Act

Read Article
April 20, 2017

Information Technology Risk Automation’s Benefits

Read Article
April 17, 2017

5 Ticketing Systems for GRC and 3 Reasons They Matter

Read Article
April 10, 2017

Compliance Automation and its Benefits for Reporting

Read Article
April 3, 2017

How Digital Transformation Really Drives GRC

Read Article
March 30, 2017

Information Silos Can Be Broken Using GRC Automation

Read Article
March 23, 2017

User Access Review Best Practices

Read Article
March 23, 2017

7 Steps to Create an Effective User Access Review Program

Read Article
February 21, 2017

119 InfoSec Experts You Should Follow On Twitter Right Now

Read Article
February 6, 2017

Tips For Compliance Related Planning Project Management

Read Article
February 5, 2017

2017 Predictions by The Experts

Read Article
February 3, 2017

Super Bowl Security: How Information Security Impacts The Big Game

Read Article
February 2, 2017

OMG IoT: Information Security and The Internet of Things

Read Article
January 12, 2017

Compliance Project Management Best Practices

Read Article
January 9, 2017

Cleanin’ Out My Closet: Software Not Shared Spreadsheets

Read Article
December 23, 2016

10 Probing Questions To Ask Your GRC Vendor

Read Article
December 22, 2016

Better Than Yoda: CIOs, GRC Tools, Principled Performance

Read Article
December 14, 2016

ILOVEYOU Not H1N1: InfoSec as Business Continuity

Read Article
December 14, 2016

Clear It Up For Me: Clarity Project’s 2017 SSAE-18 Change

Read Article
December 8, 2016

Ch-ch-ch-changes: The 2015 ISO 9001 Updates and Your Business

Read Article
December 6, 2016

In Search Of: ISO Framework and What You Need To Know About ISO 27001

Read Article
November 17, 2016

Webinar Recording Now Available – 6 Time Saving Steps to Simplify Your GRC Strategy

Read Article
November 3, 2016

Defining Goals – an Excerpt from our GRC Software Buyers’ Guide

Read Article
November 1, 2016

How to Conduct a Compliance Self-Assessment – an Excerpt from our GRC Software Buyers’ Guide

Read Article
October 27, 2016

The Cyber Regulations are Coming. Get Your 2017 Budget Ready Now.

Read Article
October 24, 2016

When to Implement a GRC Tool? – An Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Read Article
October 19, 2016

Smarter Compliance, Less Risk – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Read Article
October 10, 2016

What is GRC – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Read Article
September 12, 2016

Cut Through Complexity with Consolidated Objectives

Read Article
August 19, 2016

What you need to know about the AICPA’s SOC 2 Content Update

Read Article
August 16, 2016

ZenGRC v2.4 Release Features New Audit and Evidence Request Dashboards, and More

Read Article
August 2, 2016

“Competent Compliance” Webinar Recording Now Available, Learn How to Move Beyond Spreadsheets

Read Article
July 26, 2016

Join Our Live Webinar – Competent Compliance: 3 Ways to Move Beyond Spreadsheets

Read Article
July 18, 2016

Get your Quick Guide to ZenGRC

Read Article
June 24, 2016

5 Common Mistakes That Will Make or Break Your Compliance Program

Read Article
June 16, 2016

ISO Certification 27001 Requirements & Standards

Read Article
June 10, 2016

ZenGRC v2.2 Release Features New System of Record Dashboard, Tree View Updates

Read Article
May 11, 2016

ZenGRC v2.1 Release Features Improved Audit Capabilities, Simplified Customer Support

Read Article
April 29, 2016

Governance, Risk Management and Compliance Definitions

Read Article
April 21, 2016

Finding the Compliance Management Tool You Need

Read Article
March 31, 2016

5 Steps to Manage Third-Party Security Risks

Read Article
March 25, 2016

Compliance Best Practices: When Will Excel Crush You?

Read Article
February 25, 2016

How to Tell if it is Time to Start a Compliance Program [Infographic]

Read Article
February 11, 2016

Staying Compliant in the Cloud Without a Cybersecurity Attorney

Read Article
January 14, 2016

Are Compliance and Agility Mutually Exclusive? Absolutely Not!

Read Article
December 28, 2015

5 Steps to Securing Your Company Online From the Get-Go

Read Article
December 14, 2015

Compliance Could Be Your Selling Point

Read Article
November 30, 2015

5 Ways to Create a Culture of Security

Read Article
November 16, 2015

Keeping Your Feet on the Ground With Data in the Cloud

Read Article
October 21, 2015

Compliance as a Service: A Buzzword or a New Trend in Business?

Read Article
October 7, 2015

Top 3 Challenges When Updating Your Compliance Framework

Read Article
September 16, 2015

A Perfect Nightmare: Compliance and Record Keeping Disaster Waiting to Happen

Read Article
August 19, 2015

Humans: Data Security Strategy’s Worst Enemy

Read Article
August 12, 2015

Improve Security and Compliance with SAML

Read Article
July 14, 2015

Changes Are Coming For The Trust Services Principles And Criteria – Are You Ready?

Read Article
July 6, 2015

The Changing Risk Management Landscape

Read Article
June 8, 2015

5 Things to Know as You Prepare for a Compliance Audit

Read Article
May 25, 2015

Sourcing Responsibility to Vendors Could Be Your Biggest Mistake

Read Article
May 18, 2015

5 Steps to Build Processes that Safeguard your Most Sensitive Data

Read Article
May 4, 2015

The Rise of GRC is caused by the Rise of the Cloud

Read Article
April 27, 2015

Selecting the Right Service Organization Control Report for Outsourced Operations

Read Article
March 24, 2015

5 tips to implement Agile Compliance

Read Article
Slider Image

FAQs

April 20, 2021

CMMC FAQs

Read FAQ
July 17, 2020

What is a Data Retention Policy?

Read FAQ
July 2, 2020

How Frequently Should You Audit for SOC 2?

Read FAQ
July 2, 2020

What is an Internal Control Framework?

Read FAQ
June 25, 2020

What is Internal Control in Auditing?

Read FAQ
April 28, 2020

What is a Third Party Under CCPA?

Read FAQ
April 25, 2020

How Much Does a SOC 2 Audit Cost?

Read FAQ
April 18, 2020

What is the Gramm-Leach-Bliley Act?

Read FAQ
March 11, 2020

What is a SSAE 18 Audit?

Read FAQ
March 10, 2020

What Are NIST Data Center Security Standards?

Read FAQ
February 6, 2020

What is the CCPA’s Private Right of Action?

Read FAQ
February 6, 2020

What are GDPR Fines and Penalties?

Read FAQ
January 24, 2020

What are the 8 GDPR Rights of Individuals?

Read FAQ
January 11, 2020

What is SOX Reporting?

Read FAQ
January 11, 2020

What is Data Governance?

Read FAQ
December 17, 2019

What is SB 561 for CCPA?

Read FAQ
December 12, 2019

What are the HITRUST Maturity Levels?

Read FAQ
December 10, 2019

What’s the relationship between COBIT and TOGAF?

Read FAQ
December 10, 2019

What Are the NIST Special Publications?

Read FAQ
December 10, 2019

What Are NIST Controls and How Many Are There?

Read FAQ
December 10, 2019

What Is a HITRUST Audit?

Read FAQ
December 4, 2019

Do I Need a SOC 2 Report?

Read FAQ
November 11, 2019

ISO Compliance vs. Certification: What’s the Difference?

Read FAQ
November 4, 2019

SOX Management Review Controls

Read FAQ
October 21, 2019

To Whom Does the CCPA Apply?

Read FAQ
October 21, 2019

What is the COSO Framework?

Read FAQ
October 15, 2019

What are NIST Framework Controls?

Read FAQ
September 24, 2019

Does My Business Qualify for One of the CCPA’s Exceptions?

Read FAQ
September 11, 2019

What are the penalties for violating the CCPA?

Read FAQ
September 11, 2019

What is the purpose of NIST?

Read FAQ
September 11, 2019

What is SOX compliance testing?

Read FAQ
September 11, 2019

What is a SOX control?

Read FAQ
September 6, 2019

What are the CCPA Categories of Personal Information?

Read FAQ
August 6, 2019

What Countries are Covered by GDPR?

Read FAQ
August 6, 2019

What is GDPR?

Read FAQ
August 6, 2019

What is personal data under GDPR?

Read FAQ
June 10, 2019

COBIT vs ITIL

Read FAQ
June 10, 2019

What is COBIT?

Read FAQ
March 25, 2019

What is SSAE 18?

Read FAQ
March 25, 2019

What is COSO?

Read FAQ
March 25, 2019

What are the ISO Standards?

Read FAQ
March 25, 2019

SSAE 18 Changes

Read FAQ
Slider Image

Infographics

April 20, 2021

The 5 Levels of CMMC

Read Infographic

Oil & Gas related Use Cases

CMMC

Read articles

CCPA

Below is CCPA related content that will save you lots of time and hassle.

Read articles

GDPR

Below is GDPR related content that will save you lots of time and hassle.

Read articles

SOC

Below is SOC related content that will save you lots of time and hassle.

Read articles

COSO

Below is COSO related content that will save you lots of time and hassle.

Read articles

SSAE

Below is SSAE related content that will save you lots of time and hassle.

Read articles

NIST

Read articles

SOX

Below is SOX related content that will save you lots of time and hassle.

Read articles

HITRUST

Below is HITRUST related content that will save you lots of time and hassle.

Read articles

COBIT

Below is COBIT related content that will save you lots of time and hassle.

Read articles

ISO

Below is ISO related content that will save you lots of time and hassle.

Read articles

PCI

Below is PCI related content that will save you lots of time and hassle.

Read articles

Learn how we can fit into your business.

Schedule a demo to learn how we can help guide your organization to confidence in infosec risk and compliance.

See ZenGRC in action!

Get a demo