Most organizations today have multiple compliance requirements and contractual obligations that require all employees to attest that policies and procedures have been read and acknowledged. Beyond that, it is simply good business practice to validate that employees have truly read and understood the organization's requirements. It’s important to build an effective process that tracks employee attestations and certifications to ensure that policies are being met and procedures are being followed.
The May 2018 implementation of the GDPR will impact the healthcare industry with numerous requirements that will necessitate stringent policies and procedures for compliance. The healthcare industry will be required to be even more diligent with personal data than current requirements demand. Within the GDPR, companies will be required to show how they are in compliance, not just report that they are in compliance.
With the continuing growth of ‘big data’, the tech industry will be greatly impacted by the implementation of the GDPR. Top data companies like Google, Facebook, Amazon, and Microsoft, along with all tech companies, will be required to restructure many of their policies and procedures in order to become GDPR compliant before its implementation.
The May 2018 implementation of the GDPR will soon impact many organizations in the financial services industry, with numerous regulations that specifically require stringent policies and procedures for compliance. Banks are presumed to be a likely target for audits and enforcement actions. Here we cover what you need to know as a member of your organization's compliance or risk management functions.
Posted on January 16th, 2018 by Szuyin Leow
Third-party vendors are in many ways crucial to a company’s success, and yet many companies are using archaic systems like spreadsheets and emails to manage multiple vendors, processes, and millions of dollars in contracts. The time has come to move beyond the spreadsheet and onto a centralized system that streamlines the process and clarifies the procedure for everyone involved.
The General Data Protection Regulation (GDPR) is a single law in the European Union that will have a great impact on all multi-national companies that do business in the EU. The GDPR will be in effect on May 25th, 2018, and most companies must begin preparations now in order to meet the requirements by its implementation.
ERM has historically lacked perspective and perception to be applied holistically and consistently within an organization. Over the last 10-15 years, information technology and cybersecurity industry associations have staked their own claim to risk management practices, activities, and approaches. Thus, we find ourselves with numerous ERM, risk management, and risk governance definitions, standards, and frameworks. Given this, we'll explore what an ERM initiative means for your organization.
Forbes reports that 70% of firms experienced at least one cybersecurity incident in 2017. In the past year alone, Yahoo’s $4.8B takeover by Verizon was nearly derailed by two major data breaches at Yahoo; even the US presidential election may have been impacted by hackers. And the risks are only growing – cars are computers on wheels and planes are computers on wings. Cybersecurity risk has evolved from just personnel information and financial data to control of physical things. Where does an organization start to minimize cyber risk?
In 2012, the NAIC adopted the Risk Management and Own Risk and Solvency Assessment Model Act (#505), and although some state legislative processes have been slow to adopt it, most companies are expected to be ready for ORSA and to be using it as part of their ERM framework by the end of 2017. This post explores the Enterprise Risk Management requirements of ORSA.