Tag Archive: controls

How Can RMIS Support Risk Management?

Written by
Published 07/10/2018

A risk management information system (RMIS) allows you to automate many of the difficult to organize tasks involved in compiling, storing, and communicating risk information.

The real reason you should fear the GDPR deadline

Written by
Published 05/28/2018

Now that May 25 has past, it’s time to push the panic button if you don’t comply with the European Union’s Global Data Protection Regulation (GDPR). Right? Judging from the alarm bells sounding across the blogosphere, that’s what many would have you believe. If you haven’t reached GDPR compliance by the deadline, they say, you should be afraid. I agree—but not for the reasons you might think. How did we get here? Organizations have had two years to comply with this sweeping regulation, and perhaps should have seen it coming long before. The GDPR was in the works, and in the news, for four years before being adopted in April 2016. But maybe some CIOs weren’t paying close attention. The…

Tags: ,
Categorized in:

Cut Through Complexity with Consolidated Objectives

Written by
Published 09/12/2016

Compliance is complex stuff. No matter your organization size or industry, chances are you’re wrestling with the challenge of complying with a growing number of regulations. Unfortunately, the burden to manage your compliance and penalties for not being compliant only increase as your business expands. The reality is that requirements and controls in various regulatory frameworks often overlap, and differing schedules for updates or changes to these frameworks can result in a lot of duplicative work and wasted resources for your compliance team. Automated tools can make managing your compliance program a less daunting task, but one of the best ways to simplify your compliance program is to implement consolidated objectives. Simply put, consolidated objectives are common requirements across regulatory…

Top 3 Challenges When Updating Your Compliance Framework

Written by
Published 10/07/2015

Well, it’s happened again. The framework you worked so hard to implement across your company needs updating. This typically occurs every 4-6 years to provide organizations with enough time to prepare. For example, Sarbanes-Oxley, GLBA/FFIC, FISMA, and HIPAA are frameworks associated with traditional computing. Traditional frameworks like these took a long time to update. Yet, in the last several years, frameworks covering new technology change every 2-3 years. Standards that cover cloud, mobile, encryption, and vendor management fit this new model.  Thus, you will need to prepare to update your framework on an annual basis to keep up with all the changes. Each change to your existing compliance framework will pose a challenge. First, you should understand the impact the…

Tags: , , , ,
Categorized in:

A Perfect Nightmare: Compliance and Record Keeping Disaster Waiting to Happen

Written by
Published 09/16/2015

Most organizations begin their path towards compliance using the tools at their disposal. Tools help organizations start their compliance journey, but they can cause some problems. You should take into account these compliance pitfalls so that you can have a smoother compliance journey. Pitfall #1 – Ensure everyone is working off of the latest version The first thing that a compliance team will do is identify the controls to test. To test a control you need to provide evidence. Evidence comes in many forms such as screenshots, archived emails, or system configuration. The list of controls that you compile for testing will evolve. For example, you may determine that some controls are “not applicable” and remove those. If you fail a…

Tags: , , ,
Categorized in: