Get a Demo

The Regulatory Burden

Technology firms today face a volatile environment. The demand for technology services from large corporations is high, and the range of services they want is diverse: data storage, payroll processing, document management, audit management and so forth.

This is a significant opportunity for technology firms. And the cloud is a fantastic vehicle to help them meet those corporate customer needs: technology firms can provide services to their customers on an as-needed basis — and customers can save money on equipment purchases, reduce implementation time and lessen human resources needed for maintenance.

At the same time, however, the cloud also means barriers to entry are low. Many tech firms might compete to serve the same sales prospect. To prevail, they will either need to offer the lowest price (an undesirable race to the bottom) or offer the best service.

Many regulatory burdens for tech providers come from their clients; whatever regulatory obligations those clients have also extended to service providers supporting those clients. So the clients themselves have a compelling interest to assure that the service provider can meet their standards.

For example, a tech provider might be exposed to:

  • Achieving a SOC 2 certification
  • NIST security protocols, if the client is a government agency or government contractor
  • The COSO framework for internal control over financial reporting, if the tech firm helps clients manage accounting or financial functions
  • HIPAA requirements, if clients use it to store or process health information
  • State-level breach disclosure laws, if the tech firm stores or processes other personally identifiable information
  • A client’s own unique privacy or security demands, regardless of regulatory requirements

Compliance Objectives

Typically corporations will request a SOC 2 audit from tech providers. This audit assesses the design of a provider’s security controls and how well those controls perform.

SOC 2 audits, however, can be tailored to assess a wide range of concerns: security, privacy, availability, process integrity and confidentiality. A tech provider will need to address a wide range of client demands, depending on the specific engagement and the client’s data security needs. 

Among the capabilities, firms will need to be able to:

  • Assess vulnerabilities in the network and application layers
  • Study data collection practices for non-compliant behaviors (say, failure to secure consent for collecting data from EU citizens)
  • Remediate any weaknesses, either through security patches to software or through changes to data collection practices
  • Map progress on those remediation efforts
  • Be prepared to report those risk assessments and remediations to other parties as necessary
  • Integrate new threat alerts or updated regulations into your compliance program as they come along
Slider Image

Ebooks

March 25, 2019

Vendor Risk Management: The Basic Need for It. The Basic Principle of It.

Read Ebook
March 25, 2019

Struggling with GRC? It’s Time to Take Charge

Read Ebook
March 25, 2019

Is it Time to Evolve Your Compliance Program?

Read Ebook
March 25, 2019

Get PCI Compliant. Stay Innovative. PCI-DSS: Steps to Successful Scoping

Read Ebook
March 25, 2019

Get Compliant. Stay Innovative.

Read Ebook
March 25, 2019

GRC Software Buyer’s Guide

Read Ebook
March 25, 2019

Driving Your Business Forward Through Effective Vendor Risk Management

Read Ebook
March 25, 2019

Cut Through Compliance Complexity with Consolidated Objectives

Read Ebook
Slider Image

Guides

April 3, 2020

Response and Preparedness for COVID-19

Read Guide
March 17, 2020

Operational Risk Management

Read Guide
March 17, 2020

Business Continuity Checklist for Planning and Implementation

Read Guide
March 17, 2020

Business Continuity vs Disaster Recovery: Whats the Difference

Read Guide
March 17, 2020

Why you need a vendor risk management policy

Read Guide
March 17, 2020

Best Practices in Cyber Supply Chain Risk Management

Read Guide
March 17, 2020

How Effective Vendor Risk Management Can Drive Your Business Forward

Read Guide
March 17, 2020

Proactive vs. Reactive Risk Management Strategies

Read Guide
March 17, 2020

InfoSec as Business Continuity

Read Guide
March 17, 2020

How to Manage Technological Risks?

Read Guide
March 17, 2020

What is Supply Chain Compliance?

Read Guide
March 17, 2020

What is the Primary Objective of Data Security Controls?

Read Guide
December 16, 2019

Guide to COSO Framework and Compliance

Read Guide
December 9, 2019

California Consumer Privacy Act (CCPA) Compliance Guide

Read Guide
November 6, 2019

The Ultimate Guide to SOC 2

Read Guide
November 6, 2019

Guide To ISO Certification And ISO Compliance

Read Guide
June 28, 2019

Preparing for a HITRUST audit – A Step by Step Guide – Part 1

Read Guide
June 28, 2019

Preparing for a NIST Audit: A Step-by-Step Guide

Read Guide
May 10, 2019

Preparing for a SOX Audit Using COSO: Internal Controls and Security at the Heart of SOX

Read Guide
April 29, 2019

Preparing for a SOC 2 or SOC 3 Audit: Three Easy Steps

Read Guide
April 29, 2019

Preparing for an ISO 27001 Audit: A Step By Step Guide

Read Guide
March 25, 2019

ZenGRC Product Info: ZenGRC Compliance Content

Read Guide
Slider Image

Case Studies

May 20, 2020

Case Study: Netskope

Read Case Study
Slider Image

Webinars

July 21, 2020

CCPA Enforcement Alert: What To Do NOW To Avoid Penalties

Watch Webinar
July 7, 2020

Top Initiatives for Infosec Teams to Consider in Implementing Business Continuity & Resiliency

Watch Webinar
July 1, 2020

Top Strategies for Digital Risk Protection

Watch Webinar
June 25, 2020

How To Prepare For A CCPA Audit

Watch Webinar
June 22, 2020

Learn how to get more work done with ZenGRC & ServiceNow

Watch Webinar
October 25, 2019

Realizing Business Value from Your Organization’s GRC

Watch Webinar
March 25, 2019

Vendor Risk Management: What your organization can and cannot do under the GDPR

Watch Webinar
March 25, 2019

Make your audit & compliance programs shine – technology solutions that help you

Watch Webinar
March 25, 2019

Increasing Efficiency of Compliance and Risk Auditing

Watch Webinar
March 25, 2019

How GRC planning protects your company’s brand against the next cyberattack

Watch Webinar
March 25, 2019

GRC: How ZenGRC makes risk and compliance management easy

Watch Webinar
March 25, 2019

GRC: Audit and Risk Assessments Made Easy

Watch Webinar
March 25, 2019

GDPR: What You Can And Cannot Do

Watch Webinar
March 25, 2019

Follow the Data: 9 Strategies to Making 3rd Party Risk Less Opaque

Watch Webinar
March 25, 2019

Do It Yourself GRC: It’s That Easy

Watch Webinar
March 25, 2019

Blazing the Trail: Develop a Compliance and Risk Management Plan in 6 Weeks

Watch Webinar
March 25, 2019

7 Steps to Creating an Effective User Access Review Program

Watch Webinar
March 25, 2019

5 Time-Saving Steps To Stand Up Your Company’s Compliance Program

Watch Webinar
March 25, 2019

5 Questions That Best Reveal The State Of Your Risk And Compliance Program

Watch Webinar
March 25, 2019

5 Compliance Projects Gone Terribly Wrong

Watch Webinar
March 25, 2019

4 Qualifying Questions You Should Ask When Evaluating a GRC Tool

Watch Webinar
March 20, 2019

How to Prepare for COBIT 2019 Compliance

Watch Webinar
September 24, 2018

A beginners guide to standing up your risk program

Watch Webinar
September 24, 2018

3 Steps to Running a More Effective SOC Audit

Watch Webinar
October 30, 2017

How to Prepare for an ISO 27001 Audit

Watch Webinar
Slider Image

Articles

August 4, 2020

Network Security Audit Checklist

Read Article
July 16, 2020

What are the COSO Control Objectives?

Read Article
July 14, 2020

6 Benefits of Internal Auditing

Read Article
July 2, 2020

July 2020: Compliance Certification Roundup

Read Article
July 1, 2020

ISO 27001 Requirements Checklist: Steps and Tips for Implementation

Read Article
June 23, 2020

Strategies for Digital Risk Protection

Read Article
June 18, 2020

How to Adjust Business Continuity Plans for COVID-19

Read Article
June 9, 2020

June 2020: Compliance Certification Roundup

Read Article
June 4, 2020

How the COSO Framework Helps You Comply with SOX

Read Article
June 2, 2020

What are the Elements of an Integrated Risk Management System?

Read Article
May 28, 2020

5 Strategies to Mitigate Business Risk During Coronavirus

Read Article
May 26, 2020

Cybersecurity Hygiene Best Practices During COVID-19 and Beyond

Read Article
May 25, 2020

May 2020: Compliance Certification Roundup

Read Article
May 21, 2020

COVID-19: Importance of Ethical Leadership During a Crisis

Read Article
May 20, 2020

COVID-19: User Access Management Best Practices

Read Article
May 19, 2020

COSO-Based Internal Auditing

Read Article
May 14, 2020

What is Compliance Oversight?

Read Article
May 12, 2020

11 Proven Risk Mitigation Strategies

Read Article
May 10, 2020

Risk Assessment Checklist NIST 800-171

Read Article
May 8, 2020

How to Comply with GDPR

Read Article
May 7, 2020

Risk Management Process

Read Article
May 6, 2020

Coronavirus-Themed Cyberattacks To Watch Out For

Read Article
May 5, 2020

Tips for Managing Third-Party Risk in Health Care

Read Article
May 4, 2020

7 Pandemic Risk Management Tips to Implement Now

Read Article
May 1, 2020

How Nevada’s SB220 Compares to CCPA

Read Article
April 30, 2020

The Difference Between Vulnerability Assessment and Vulnerability Management

Read Article
April 29, 2020

What Compliance Lessons Can We Learn From Past Pandemics?

Read Article
April 28, 2020

FCPA compliance checklist

Read Article
April 23, 2020

What is NIST Special Publication 800-37 Revision 2?

Read Article
April 21, 2020

How to Prevent Third-Party Vendor Data Breaches

Read Article
April 17, 2020

COVID-19 Compliance Considerations for Remote Employees

Read Article
April 14, 2020

Pros and Cons of the FAIR Framework

Read Article
April 9, 2020

How to Conduct a Vulnerability Assessment

Read Article
April 7, 2020

What is a Vulnerability Management Program?

Read Article
April 2, 2020

IT Audit Checklist for Your IT Department

Read Article
March 31, 2020

Threat, Vulnerability, and Risk: What’s the Difference?

Read Article
March 26, 2020

What Are SOX Compliance Requirements?

Read Article
March 24, 2020

IRM, ERM, and GRC: Is There a Difference?

Read Article
March 23, 2020

COVID-19: Response and Preparedness through the lens of Risk Management

Read Article
March 19, 2020

Audit Checklist for Social Compliance

Read Article
March 17, 2020

How is COBIT Related to Risk Management?

Read Article
March 17, 2020

Key Steps to Manage Operational Risk

Read Article
March 16, 2020

Reciprocity’s Response to COVID-19

Read Article
March 5, 2020

6 Reasons Why You Need SOC 2 Compliance

Read Article
February 27, 2020

Inherent Risk vs. Control Risk: What’s the Difference?

Read Article
February 25, 2020

CCPA Compliance Checklist

Read Article
February 18, 2020

Why You Need a Vendor Risk Management Policy

Read Article
February 13, 2020

ZenGRC at RSAC 2020

Read Article
February 13, 2020

CCPA Exemptions: The California Consumer Privacy Act and the Gramm-Leach-Bliley Act

Read Article
February 11, 2020

Best Practices in Cyber Supply Chain Risk Management

Read Article
February 10, 2020

Proactive vs Reactive Risk Management Strategies

Read Article
February 6, 2020

The Difference Between Strategic and Operational Risk

Read Article
February 5, 2020

The Debut of Advanced ZenGRC Risk Management

Read Article
January 8, 2020

Top 5 Predictions for InfoSec GRC in 2020

Read Article
December 31, 2019

Business Continuity Checklist for Planning and Implementation

Read Article
December 19, 2019

Cybersecurity Audit Checklist

Read Article
December 6, 2019

Key Takeaways from the CCPA Audit Webinar with Dr. Maxine Henry

Read Article
December 5, 2019

The Differences Between SOX 302 and 404 Requirements

Read Article
November 19, 2019

NIST CSF Categories and Framework Tiers

Read Article
November 14, 2019

How to Maintain ISO 9001 Certification

Read Article
November 12, 2019

ISO 9001 Quality Management Principles

Read Article
September 19, 2019

Sox Management Review Controls

Read Article
August 16, 2019

ZenGage #AMA Series with Dr. Maxine Henry on the CCPA

Read Article
August 12, 2019

Preparing for an ISO 27001 and 27002 Audit

Read Article
June 13, 2019

Applying Big Data to Risk Management

Read Article
June 10, 2019

How to Manage Technological Risks?

Read Article
May 9, 2019

What are Internal Control Weaknesses?

Read Article
May 7, 2019

Continuous Auditing vs Continuous Monitoring

Read Article
April 23, 2019

What You Need to Know About California’s New Data Protection Law

Read Article
April 16, 2019

How to Audit Governance

Read Article
April 4, 2019

The Responsibilities of a Compliance Manager

Read Article
April 2, 2019

How to Build a Compliance Program

Read Article
March 28, 2019

Audit Performance Metrics: Measuring Internal Audit Performance

Read Article
March 26, 2019

How to Improve Compliance in a Company

Read Article
March 20, 2019

Big Data in Auditing and Analytics

Read Article
March 19, 2019

What is the Primary Objective of Data Security Controls?

Read Article
March 12, 2019

Student Data Privacy Laws by State

Read Article
March 7, 2019

CCPA vs. GDPR Compliance

Read Article
March 5, 2019

Understanding the CCPA Compliance Requirements

Read Article
February 26, 2019

What is Supply Chain Compliance?

Read Article
February 5, 2019

6 Steps To Performing a Cybersecurity Risk Assessment

Read Article
January 31, 2019

What Does a Compliance Manager Do?

Read Article
January 29, 2019

5 Components of the COSO Framework

Read Article
January 24, 2019

COBIT 2019 Audit Checklist

Read Article
January 22, 2019

KPI’s For Evaluating Your Vendor Management Program

Read Article
January 17, 2019

How To Get Compliant and Stay Agile

Read Article
January 15, 2019

GDPR Requirements for Cookie Policies

Read Article
January 8, 2019

eBook: Compliance Management Best Practices

Read Article
January 2, 2019

What Does a Compliance Management System Look Like?

Read Article
December 27, 2018

What is Vendor Risk Management (VRM)? The Definitive Guide

Read Article
December 20, 2018

Risk Appetite vs Risk Tolerance

Read Article
December 18, 2018

Effective Workflow For Your Audit Management Process

Read Article
December 13, 2018

How Effective Vendor Risk Management Can Drive Your Business Forward

Read Article
December 11, 2018

Cloud Security vs Traditional Security

Read Article
December 6, 2018

A Compliance Tracking Tool Roadmap

Read Article
November 29, 2018

GRC Management Software Buyer’s Guide

Read Article
November 27, 2018

What is a Risk Management Plan?

Read Article
November 20, 2018

Third Party Vendor Management Audit Program

Read Article
November 13, 2018

Risk Assessment vs Risk Analysis

Read Article
November 6, 2018

Audit Requirements for Private Companies in the United States

Read Article
November 1, 2018

How to Monitor Compliance?

Read Article
October 30, 2018

Risk Prioritization in Project Management

Read Article
October 25, 2018

What is Records Management & Compliance?

Read Article
October 23, 2018

Data Analytics Strategy For Internal Audit Effectiveness

Read Article
October 18, 2018

Guide to COBIT Best Practices

Read Article
October 16, 2018

How Technology Helps You Better Manage Compliance

Read Article
October 11, 2018

The Difference Between Business Continuity and Disaster Recovery

Read Article
October 4, 2018

Third-Party Due Diligence Best Practices

Read Article
October 2, 2018

Effective Social Media Risk Management

Read Article
September 27, 2018

Vendor Management Workflow for Vendor Risk Assessments

Read Article
September 26, 2018

How to Reduce Operational Risk in Banking

Read Article
September 20, 2018

KPI’s For Measuring Compliance Effectiveness

Read Article
September 11, 2018

How Connected Data is Transforming Risk Management

Read Article
September 6, 2018

What is Continuous Auditing?

Read Article
August 21, 2018

How Technology Helps Compliance Managers Keep Costs Down

Read Article
August 16, 2018

Audit Log Best Practices For Information Security

Read Article
August 14, 2018

Continuous Monitoring for Real Time Compliance

Read Article
August 8, 2018

The Road to Continuous Compliance

Read Article
August 7, 2018

How Big Data Analysis Helps Compliance & Business Leaders Make Better Decisions

Read Article
August 2, 2018

What is the CISO’s Role in Risk Management?

Read Article
July 23, 2018

How Vendor Risk Management Can Impact Your GDPR Compliance

Read Article
July 10, 2018

How Can RMIS Support Risk Management?

Read Article
July 3, 2018

A Plan To Help You Successfully Manage Your Vendors

Read Article
June 26, 2018

SOC 2 vs ISO 27001: Key Differences Between the Standards

Read Article
June 21, 2018

Who’s really responsible for third-party vendor breaches

Read Article
June 14, 2018

The most important part of GDPR compliance

Read Article
June 12, 2018

Internal Controls & Fraud Prevention

Read Article
June 5, 2018

5 Steps to GDPR Compliance

Read Article
June 5, 2018

Here’s Why ISO Certification Is Worth It | Reciprocity

Read Article
May 28, 2018

The real reason you should fear the GDPR deadline

Read Article
May 24, 2018

Key Steps To Becoming NIST Compliant | Reciprocity

Read Article
May 15, 2018

What you should know about Secure Controls Framework (SCF)

Read Article
May 8, 2018

What is ISO Certification, Who Needs it & Why

Read Article
May 3, 2018

COSO ERM vs ISO 31000

Read Article
May 1, 2018

What Are The Differences Between COBIT & COSO

Read Article
April 26, 2018

Asset Managers Guide To SOC 1 Compliance

Read Article
April 17, 2018

An Automated Approach To IT GRC Management

Read Article
April 10, 2018

An Automated Approach To SOX Testing

Read Article
March 29, 2018

What is Risk Management in Project Management?

Read Article
March 27, 2018

5 Enterprise Risk Management (ERM) Steps

Read Article
March 20, 2018

5 Steps To Developing A Corporate Compliance Program

Read Article
March 19, 2018

Here’s what GDPR means for your business

Read Article
March 13, 2018

What Is Enterprise Risk Management & It’s Importance

Read Article
March 8, 2018

Why International Women’s Day Matters to Information Security

Read Article
March 1, 2018

Here’s Why Regulatory Compliance Is Important

Read Article
February 27, 2018

What Is A Compliance Managers Role?

Read Article
February 22, 2018

What is an IT Security Audit?

Read Article
February 20, 2018

Security Awareness Training: Empower Employees

Read Article
February 14, 2018

Tracy Z. Maleeff: Wednesday’s Women in Infosec

Read Article
February 13, 2018

What is an ISO Audit?

Read Article
February 6, 2018

Internal Controls: What Are They & Why You Should Care

Read Article
January 10, 2018

Emily Crose: Wednesday’s Women in Infosec

Read Article
December 20, 2017

Leah Figueroa: Wednesday’s Woman in Infosec

Read Article
December 12, 2017

Choosing a Governance Risk and Compliance Tool: Constant Vigilance

Read Article
November 30, 2017

Cybersecurity Dangers of Repealing Net Neutrality

Read Article
November 15, 2017

Meg Layton: Wednesday’s Women in InfoSec

Read Article
October 31, 2017

Compliance Offers Internal Stakeholder Value: Automation as Transmogrifier

Read Article
October 26, 2017

Risk Management Automation and Customer Engagement: Rupees in the Grass

Read Article
October 19, 2017

Third Party Risk Management Automation: Compliance’s Evite

Read Article
October 12, 2017

Challenges of Compliance Management: Automation to the Rescue

Read Article
October 10, 2017

7 Challenges of Being an IT Compliance Manager: Automation Makes You an American Ninja Warrior

Read Article
October 5, 2017

Cybersecurity Awareness Training Game to Celebrate Cybersecurity Awareness Month

Read Article
September 28, 2017

COSO Framework Update: Enterprise Level Yoga

Read Article
September 26, 2017

SOC Team: The C-Suite As NFL Defensive Coordinators

Read Article
September 21, 2017

iPhone X and Security: Becoming James Bond and Protecting Your Organization

Read Article
September 13, 2017

5 Compliance Lessons Learned from the Equifax Breach

Read Article
September 12, 2017

Protecting Your Corporate Website as an Enterprise Risk Management Strategy

Read Article
September 5, 2017

Password Management Risks: Protect Your Castle

Read Article
August 31, 2017

Compliance Reporting Metrics: Moving Away from Emojis

Read Article
August 29, 2017

SSAE 18 Changes & Requirements

Read Article
August 29, 2017

Segregation of Duties in IT: Ya Gotta Keep ‘Em Separated

Read Article
August 17, 2017

The Rising Cost of Compliance Solved by Automation

Read Article
August 16, 2017

Christine Bejerasco: Wednesday’s Women in InfoSec

Read Article
August 10, 2017

Effective Bring Your Own Device Policy: 15 Steps to Success

Read Article
August 8, 2017

Follow the Data: 9 Strategies to Managing Third Party Risk

Read Article
August 3, 2017

Defcon 2017 Roundup: 7 Lessons for Information Security Professionals

Read Article
August 1, 2017

NIST 800-53 and FedRAMP: FISMA’s Peanut Butter and Jelly

Read Article
July 27, 2017

Why Buying SaaS GRC Software Is a Smart Investment

Read Article
July 27, 2017

Automating NIST Cybersecurity Framework Control Info

Read Article
July 25, 2017

Third Party Security Risk: Don’t Let Friends Become Gate Crashers

Read Article
July 18, 2017

Cybersecurity Management and GRC Automation

Read Article
July 12, 2017

Wednesday’s Women in Infosec: Kristina Birk

Read Article
July 6, 2017

Protecting Your Data From Ransomware

Read Article
June 29, 2017

The Cybersecurity Executive Order: What You Need To Know and Why

Read Article
June 27, 2017

Hidden Cost of Cyberattacks: What Automation Can Do to Save You Money

Read Article
June 22, 2017

How Today’s Credit Card Controls Evolved from a Lost Wallet

Read Article
June 22, 2017

Vetting Vendors: You Are Not the Weakest Link

Read Article
June 15, 2017

GDPR Compliance: An Introduction to the Legislation (Part 2 of 2)

Read Article
June 8, 2017

Cloud Security Compliance: 11 Steps on the Stairway to Cloud Services Heaven

Read Article
June 7, 2017

Wednesday’s Women in Infosec: Eleanor Dallaway

Read Article
June 2, 2017

Legal Liability in Information Security: How Compliance Can Be Used to Protect Assets

Read Article
May 26, 2017

Out of Order: 5 Compliance Projects Gone Terribly Wrong

Read Article
May 25, 2017

6 Ways Sox Compliance Benefits An Organization

Read Article
May 18, 2017

Infosec Compliance Awareness Saves Lives from Wannacrys

Read Article
May 16, 2017

The Fine Art of Scoping a SOC 2 Audit

Read Article
May 11, 2017

Artificial Intelligence in Security is Not The Terminator

Read Article
May 9, 2017

How to Become a Successful CISO

Read Article
May 3, 2017

Wednesday’s Women in Infosec: Georgia Weidman

Read Article
May 2, 2017

Audit Mindset: Technology Drives Shift in Audit Values

Read Article
April 27, 2017

Understanding SOX Requirements & The Sarbanes-Oxley Act

Read Article
April 25, 2017

69 Information Security Blogs You Should Be Reading

Read Article
April 20, 2017

Information Technology Risk Automation’s Benefits

Read Article
April 17, 2017

5 Ticketing Systems for GRC and 3 Reasons They Matter

Read Article
April 12, 2017

SOC Audits: What They Are, and How to Survive Them

Read Article
April 10, 2017

Compliance Automation and its Benefits for Reporting

Read Article
April 5, 2017

Wednesday’s Women in Infosec: Michelle Schafer

Read Article
April 3, 2017

How Digital Transformation Really Drives GRC

Read Article
March 30, 2017

Information Silos Can Be Broken Using GRC Automation

Read Article
March 23, 2017

User Access Review Best Practices

Read Article
March 23, 2017

7 Steps to Create an Effective User Access Review Program

Read Article
March 21, 2017

User Behavior Analysis 101: What You Need to Know

Read Article
March 13, 2017

Security Awareness: 5 Ways to Educate Your Employees

Read Article
March 9, 2017

Jason Mefford Talks cRisk Academy and GRC

Read Article
March 3, 2017

6 InfoSec Cartoons & Webcomics to Brighten a Gloomy Week

Read Article
March 1, 2017

Wednesday’s Women: Magen Wu

Read Article
February 21, 2017

119 InfoSec Experts You Should Follow On Twitter Right Now

Read Article
February 13, 2017

Risk Assessment for Information Security Methodology

Read Article
February 6, 2017

Tips For Compliance Related Planning Project Management

Read Article
February 5, 2017

2017 Predictions by The Experts

Read Article
February 3, 2017

Super Bowl Security: How Information Security Impacts The Big Game

Read Article
February 2, 2017

OMG IoT: Information Security and The Internet of Things

Read Article
January 12, 2017

Compliance Project Management Best Practices

Read Article
January 9, 2017

Cleanin’ Out My Closet: Software Not Shared Spreadsheets

Read Article
January 6, 2017

Keep it Private: SOX Compliance and Private Companies

Read Article
December 23, 2016

10 Probing Questions To Ask Your GRC Vendor

Read Article
December 22, 2016

Better Than Yoda: CIOs, GRC Tools, Principled Performance

Read Article
December 14, 2016

ILOVEYOU Not H1N1: InfoSec as Business Continuity

Read Article
December 14, 2016

Clear It Up For Me: Clarity Project’s 2017 SSAE-18 Change

Read Article
December 13, 2016

Keep Your Socs On: From SOC Compliance to SOC 2+ Reporting

Read Article
December 8, 2016

Ch-ch-ch-changes: The 2015 ISO 9001 Updates and Your Business

Read Article
December 6, 2016

In Search Of: ISO Framework and What You Need To Know About ISO 27001

Read Article
November 17, 2016

Webinar Recording Now Available – 6 Time Saving Steps to Simplify Your GRC Strategy

Read Article
November 3, 2016

Defining Goals – an Excerpt from our GRC Software Buyers’ Guide

Read Article
November 1, 2016

How to Conduct a Compliance Self-Assessment – an Excerpt from our GRC Software Buyers’ Guide

Read Article
October 27, 2016

The Cyber Regulations are Coming. Get Your 2017 Budget Ready Now.

Read Article
October 24, 2016

When to Implement a GRC Tool? – An Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Read Article
October 19, 2016

Smarter Compliance, Less Risk – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Read Article
October 10, 2016

What is GRC – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide

Read Article
September 12, 2016

Cut Through Complexity with Consolidated Objectives

Read Article
August 19, 2016

What you need to know about the AICPA’s SOC 2 Content Update

Read Article
August 16, 2016

ZenGRC v2.4 Release Features New Audit and Evidence Request Dashboards, and More

Read Article
August 9, 2016

5 Tips to Prepare For Your First External Audit

Read Article
August 2, 2016

“Competent Compliance” Webinar Recording Now Available, Learn How to Move Beyond Spreadsheets

Read Article
July 26, 2016

Join Our Live Webinar – Competent Compliance: 3 Ways to Move Beyond Spreadsheets

Read Article
July 18, 2016

Get your Quick Guide to ZenGRC

Read Article
June 24, 2016

5 Common Mistakes That Will Make or Break Your Compliance Program

Read Article
June 16, 2016

ISO Certification 27001 Requirements & Standards

Read Article
June 10, 2016

ZenGRC v2.2 Release Features New System of Record Dashboard, Tree View Updates

Read Article
May 11, 2016

ZenGRC v2.1 Release Features Improved Audit Capabilities, Simplified Customer Support

Read Article
April 29, 2016

Governance, Risk Management and Compliance Definitions

Read Article
April 21, 2016

Finding the Compliance Management Tool You Need

Read Article
March 31, 2016

5 Steps to Manage Third-Party Security Risks

Read Article
March 25, 2016

Compliance Best Practices: When Will Excel Crush You?

Read Article
February 25, 2016

How to Tell if it is Time to Start a Compliance Program [Infographic]

Read Article
February 11, 2016

Staying Compliant in the Cloud Without a Cybersecurity Attorney

Read Article
January 14, 2016

Are Compliance and Agility Mutually Exclusive? Absolutely Not!

Read Article
December 28, 2015

5 Steps to Securing Your Company Online From the Get-Go

Read Article
December 14, 2015

Compliance Could Be Your Selling Point

Read Article
November 30, 2015

5 Ways to Create a Culture of Security

Read Article
November 16, 2015

Keeping Your Feet on the Ground With Data in the Cloud

Read Article
October 21, 2015

Compliance as a Service: A Buzzword or a New Trend in Business?

Read Article
October 7, 2015

Top 3 Challenges When Updating Your Compliance Framework

Read Article
September 16, 2015

A Perfect Nightmare: Compliance and Record Keeping Disaster Waiting to Happen

Read Article
August 19, 2015

Humans: Data Security Strategy’s Worst Enemy

Read Article
August 12, 2015

Improve Security and Compliance with SAML

Read Article
July 14, 2015

Changes Are Coming For The Trust Services Principles And Criteria – Are You Ready?

Read Article
July 6, 2015

The Changing Risk Management Landscape

Read Article
June 8, 2015

5 Things to Know as You Prepare for a Compliance Audit

Read Article
May 25, 2015

Sourcing Responsibility to Vendors Could Be Your Biggest Mistake

Read Article
May 18, 2015

5 Steps to Build Processes that Safeguard your Most Sensitive Data

Read Article
May 4, 2015

The Rise of GRC is caused by the Rise of the Cloud

Read Article
April 27, 2015

Selecting the Right Service Organization Control Report for Outsourced Operations

Read Article
March 24, 2015

5 tips to implement Agile Compliance

Read Article
Slider Image

FAQs

July 21, 2020

What are GAAP Internal Controls?

Read FAQ
July 21, 2020

Are Public Companies Required to be Audited?

Read FAQ
July 17, 2020

What is a Data Retention Policy?

Read FAQ
July 17, 2020

What is Internal Control Review?

Read FAQ
July 17, 2020

What is an ISO Quality Audit?

Read FAQ
July 16, 2020

What is a CMMC Audit?

Read FAQ
July 16, 2020

What is the CMMC Framework?

Read FAQ
July 16, 2020

What is the Risk Management Process?

Read FAQ
July 16, 2020

What is a Risk-Based Internal Audit?

Read FAQ
July 2, 2020

How Frequently Should You Audit for SOC 2?

Read FAQ
July 2, 2020

What is an Internal Control Framework?

Read FAQ
July 2, 2020

What is Compliance Automation?

Read FAQ
July 2, 2020

SOC 1 vs SOC 2: What’s the Difference?

Read FAQ
July 2, 2020

What is Segregation of Duties in Auditing

Read FAQ
July 2, 2020

What is Digital Risk Management?

Read FAQ
July 2, 2020

What is the Segregation of Duties as it Relates to Controls?

Read FAQ
June 25, 2020

What is Internal Control in Auditing?

Read FAQ
June 25, 2020

What is Technology Risk?

Read FAQ
June 25, 2020

What is Hybrid Cloud?

Read FAQ
June 25, 2020

What is NIST 800-46?

Read FAQ
June 25, 2020

What Is a SOC 2 Audit?

Read FAQ
June 23, 2020

What are the CMMC Levels?

Read FAQ
June 23, 2020

How do I Prepare for an ISO Surveillance Audit?

Read FAQ
June 19, 2020

What Is Information Security Risk?

Read FAQ
April 28, 2020

What is a Third Party Under CCPA?

Read FAQ
April 25, 2020

What Does Risk Management Involve?

Read FAQ
April 25, 2020

What is Cybersecurity Maturity Model Certification (CMMC)?

Read FAQ
April 25, 2020

What is a Dynamic Risk Assessment?

Read FAQ
April 25, 2020

Who Can Perform a SOC 2 Audit?

Read FAQ
April 25, 2020

How Much Does a SOC 2 Audit Cost?

Read FAQ
April 22, 2020

What is a CMMC Assessment?

Read FAQ
April 18, 2020

What is the Gramm-Leach-Bliley Act?

Read FAQ
March 18, 2020

What Is a SOC 2 Type 2 Audit?

Read FAQ
March 18, 2020

What is a Vulnerability Scanner?

Read FAQ
March 18, 2020

What are Pipeline Security Guidelines?

Read FAQ
March 11, 2020

Why is Audit Evidence Important?

Read FAQ
March 11, 2020

What is a SSAE 18 Audit?

Read FAQ
March 10, 2020

What is an ISO Surveillance Audit?

Read FAQ
March 10, 2020

What are Supplier Management KPIs?

Read FAQ
March 10, 2020

What Are NIST Data Center Security Standards?

Read FAQ
March 10, 2020

What is the Vendor Security Alliance Questionnaire?

Read FAQ
March 10, 2020

What is Third-Party Vendor Management?

Read FAQ
March 9, 2020

What is NIST Privileged Access Management?

Read FAQ
March 7, 2020

What is Third-Party Risk Management?

Read FAQ
March 7, 2020

What is Security by Design?

Read FAQ
March 7, 2020

What is the Vendor Management Lifecycle in GRC?

Read FAQ
March 7, 2020

What is a Quality Management System (QMS)?

Read FAQ
March 6, 2020

What Is the Principle of Least Privilege?

Read FAQ
March 6, 2020

What is Holistic Risk Management?

Read FAQ
March 6, 2020

What are the Benefits of Integrated Risk Management

Read FAQ
February 22, 2020

NIST vs SOC 2: What’s the Difference?

Read FAQ
February 19, 2020

What is Integrated Risk Management?

Read FAQ
February 6, 2020

What is a Risk Register?

Read FAQ
February 6, 2020

What is Cybersecurity Risk Analysis?

Read FAQ
February 6, 2020

What is the CCPA’s Private Right of Action?

Read FAQ
February 6, 2020

What is a Vendor Risk Assessment?

Read FAQ
February 6, 2020

What are GDPR Fines and Penalties?

Read FAQ
February 6, 2020

What Are Risk Management Methodologies in Compliance?

Read FAQ
January 24, 2020

What are the 8 GDPR Rights of Individuals?

Read FAQ
January 15, 2020

What is the Gartner Magic Quadrant for Integrated Risk Management?

Read FAQ
January 15, 2020

What is Evidence Collection in Compliance?

Read FAQ
January 15, 2020

What is the Fraud Triangle?

Read FAQ
January 15, 2020

What is a Third-Party Risk Assessment?

Read FAQ
January 14, 2020

What is Cybersecurity Risk Management?

Read FAQ
January 11, 2020

What is a Compliance Framework?

Read FAQ
January 11, 2020

What is SOX Reporting?

Read FAQ
January 11, 2020

What is Data Governance?

Read FAQ
January 11, 2020

What is Supplier Risk Management?

Read FAQ
January 11, 2020

What is Data Compliance?

Read FAQ
January 11, 2020

What is Risk Identification?

Read FAQ
January 10, 2020

What is a Vendor Risk Management Program?

Read FAQ
January 10, 2020

What is a High-Risk Vendor?

Read FAQ
January 10, 2020

What’s the Difference Between Risk Appetite vs. Risk Tolerance?

Read FAQ
January 7, 2020

What are the 3 Types of Internal Controls?

Read FAQ
January 7, 2020

What is Cloud Compliance?

Read FAQ
January 2, 2020

What is Inherent Risk?

Read FAQ
January 2, 2020

What is a Security Risk Assessment?

Read FAQ
December 17, 2019

What is SB 561 for CCPA?

Read FAQ
December 16, 2019

What is a Network Vulnerability Assessment?

Read FAQ
December 12, 2019

What are the HITRUST Maturity Levels?

Read FAQ
December 12, 2019

What is Cloud Security Control?

Read FAQ
December 12, 2019

What is Risk Mitigation?

Read FAQ
December 11, 2019

What is Supply Chain Risk Management?

Read FAQ
December 10, 2019

What is an Internal Audit?

Read FAQ
December 10, 2019

What Are the Top Operational Risks for Banks?

Read FAQ
December 10, 2019

What’s the relationship between COBIT and TOGAF?

Read FAQ
December 10, 2019

What Are the NIST Special Publications?

Read FAQ
December 10, 2019

What Are NIST Controls and How Many Are There?

Read FAQ
December 10, 2019

What Is a HITRUST Audit?

Read FAQ
December 10, 2019

What is Information Security?

Read FAQ
December 4, 2019

Do I Need a SOC 2 Report?

Read FAQ
November 18, 2019

What are Information Security Threats?

Read FAQ
November 18, 2019

What are the Types of Information Security Controls?

Read FAQ
November 18, 2019

What are Information Security Controls?

Read FAQ
November 18, 2019

What is Information Security Governance?

Read FAQ
November 11, 2019

ISO Compliance vs. Certification: What’s the Difference?

Read FAQ
November 11, 2019

What Does ISO Certification Cost?

Read FAQ
November 11, 2019

NIST vs. ISO: What’s the Difference?

Read FAQ
November 11, 2019

What is the NIST CSF?

Read FAQ
November 6, 2019

What is ISO 9000?

Read FAQ
November 6, 2019

What is Compliance Management?

Read FAQ
November 5, 2019

What is ISO 9001?

Read FAQ
November 5, 2019

What Are the Steps of an Audit?

Read FAQ
November 5, 2019

Is NIST Mandatory?

Read FAQ
November 4, 2019

SOX Management Review Controls

Read FAQ
November 4, 2019

What is the ISO 27001 Standard?

Read FAQ
October 29, 2019

Who does the FCPA apply to?

Read FAQ
October 29, 2019

What does compliance mean in business?

Read FAQ
October 24, 2019

Which SOC Report Do You Need?

Read FAQ
October 21, 2019

To Whom Does the CCPA Apply?

Read FAQ
October 21, 2019

What is a compliance management system?

Read FAQ
October 21, 2019

What is compliance reporting?

Read FAQ
October 21, 2019

Is AWS HiTRUST Certified?

Read FAQ
October 21, 2019

Does FCPA Apply to Private Companies?

Read FAQ
October 21, 2019

What is the COSO Framework?

Read FAQ
October 21, 2019

What is a compliance audit?

Read FAQ
October 21, 2019

What is an audit management system?

Read FAQ
October 15, 2019

What are NIST Framework Controls?

Read FAQ
October 15, 2019

What is a Cybersecurity Framework?

Read FAQ
October 15, 2019

What is NIST?

Read FAQ
October 15, 2019

What are the three internal controls?

Read FAQ
September 24, 2019

Does My Business Qualify for One of the CCPA’s Exceptions?

Read FAQ
September 24, 2019

What is the ISO 27001 Standard?

Read FAQ
September 11, 2019

What are the penalties for violating the CCPA?

Read FAQ
September 11, 2019

What is the purpose of NIST?

Read FAQ
September 11, 2019

What is Cybersecurity?

Read FAQ
September 11, 2019

What is SOX compliance testing?

Read FAQ
September 11, 2019

What is a SOX control?

Read FAQ
September 6, 2019

What are the CCPA Categories of Personal Information?

Read FAQ
August 19, 2019

What is the ISO 31000 Standard?

Read FAQ
August 12, 2019

What are cybersecurity threats?

Read FAQ
August 12, 2019

Why is cybersecurity important?

Read FAQ
August 6, 2019

What Countries are Covered by GDPR?

Read FAQ
August 6, 2019

What is GDPR?

Read FAQ
August 6, 2019

What is personal data under GDPR?

Read FAQ
August 6, 2019

What is the ISO 27002 Standard?

Read FAQ
July 1, 2019

What are the five Trust Services Principles for SOC 2 and SOC 3?

Read FAQ
July 1, 2019

When should I consider a SOC 3 audit?

Read FAQ
June 10, 2019

SOX Compliance and Private Companies

Read FAQ
June 10, 2019

Why SOX Compliance is Required

Read FAQ
June 10, 2019

What is SOX compliance?

Read FAQ
June 10, 2019

What is SOX?

Read FAQ
June 10, 2019

COBIT vs ITIL

Read FAQ
June 10, 2019

What is COBIT?

Read FAQ
March 25, 2019

What is Vendor Risk Management?

Read FAQ
March 25, 2019

What is SSAE 18?

Read FAQ
March 25, 2019

What is ISO compliance?

Read FAQ
March 25, 2019

What is HITRUST CSF?

Read FAQ
March 25, 2019

What is HITRUST Compliance?

Read FAQ
March 25, 2019

What is COSO?

Read FAQ
March 25, 2019

What is Compliance Risk Management?

Read FAQ
March 25, 2019

What is an SSAE 18 Report?

Read FAQ
March 25, 2019

What is an ISO audit?

Read FAQ
March 25, 2019

What is a SOC Report?

Read FAQ
March 25, 2019

What is a SOC Audit?

Read FAQ
March 25, 2019

What is a risk management plan?

Read FAQ
March 25, 2019

What is a Risk Assessment Matrix?

Read FAQ
March 25, 2019

What does it mean to be ISO Certified?

Read FAQ
March 25, 2019

What are the ISO Standards?

Read FAQ
March 25, 2019

SSAE 18 Changes

Read FAQ
March 25, 2019

SOC 1 vs SOC 2

Read FAQ
Slider Image

Infographics

March 25, 2019

Does Your Business Need A Compliance Program?

Read Infographic
March 25, 2019

A Compliance Tool Roadmap

Read Infographic

Technology related Use Cases

CCPA

Below is CCPA related content that will save you lots of time and hassle.

Read articles

GDPR

Below is GDPR related content that will save you lots of time and hassle.

Read articles

ISO

Below is ISO related content that will save you lots of time and hassle.

Read articles

SOC

Below is SOC related content that will save you lots of time and hassle.

Read articles

COSO

Below is COSO related content that will save you lots of time and hassle.

Read articles

NIST

Read articles

SSAE

Below is SSAE related content that will save you lots of time and hassle.

Read articles

SOX

Below is SOX related content that will save you lots of time and hassle.

Read articles

HITRUST

Below is HITRUST related content that will save you lots of time and hassle.

Read articles

COBIT

Below is COBIT related content that will save you lots of time and hassle.

Read articles

HIPAA

Below is HIPAA related content that will save you lots of time and hassle.

Read articles

PCI

Below is PCI related content that will save you lots of time and hassle.

Read articles

Learn how we can fit into your business.

Schedule a demo to learn how we can help guide your organization to confidence in infosec risk and compliance.

Help us get to know you.

Get a demo