Designing an Effective Process to Track Employee Policy Attestations and Certifications

Posted on March 21st, 2018 in Policy Management by Matt Kunkel

Most organizations today have multiple compliance requirements and contractual obligations that require all employees to attest that policies and procedures have been read and acknowledged. However, it is generally just good business practice to validate that employees have truly read and understand the requirements of an organization. It’s important to build an effective process that tracks employee attestations and certifications to ensure that policies are being met and procedures are being followed.


GDPR Industry Focus: Impact of GDPR on Healthcare, Pharma, and PHI

Posted on March 12th, 2018 in GDPR, Regulations, Compliance by Szuyin Leow

The May 2018 implementation of the GDPR will impact the healthcare industry with numerous requirements that will necessitate stringent policies and procedures for compliance. The healthcare industry will be required to be even more diligent with personal data than current requirements demand. Within the GDPR, companies will be required to show how they are in compliance, not just report that they are in compliance.


GDPR Industry Focus: How Does GDPR Impact the Tech Industry

Posted on February 26th, 2018 in GDPR, Compliance, Regulations by Szuyin Leow

With the continuing growth of ‘big data’, the tech industry will be greatly impacted by the implementation of the GDPR. Top data companies like Google, Facebook, Amazon, and Microsoft, along with all tech companies, will be required to restructure many of their policies and procedures in order to become GDPR compliant before its implementation.


GDPR Industry Focus: How does the GDPR impact Financial Services?

Posted on February 21st, 2018 in GDPR, Regulations, Compliance by Jon Siegler

The May 2018 implementation of the GDPR will soon impact many organizations in the financial services industry -- with numerous regulations that specifically require stringent policies and procedures for compliance. Banks are presumed to be a likely target for audits and enforcement actions. Here we cover what you need to know as a member of your organization's compliance or risk management functions.


It’s Time to Move Beyond the Spreadsheet for Vendor Risk Management

Posted on January 16th, 2018 by Szuyin Leow

Third-party vendors are in many ways crucial to a company’s success, and yet many companies are using archaic systems like spreadsheets and emails to manage multiple vendors, processes, and millions of dollars in contracts. The time has come to move beyond the spreadsheet and onto a centralized system that streamlines the process and clarifies the procedure for everyone involved.


GDPR Basics: What You Need to Know to Ensure Compliance

Posted on December 7th, 2017 in GDPR, Compliance, GRC, Regulations by Jon Siegler

The General Data Protection Regulation (GDPR) is a single law in the European Union that will have a great impact on all multi-national companies that do business in the EU. The GDPR will be in effect on May 25th, 2018, and most companies must begin preparations now in order to meet the requirements by its implementation.


Hitting the Reset Button on ERM: How to Define ERM for Your Organization

Posted on July 17th, 2017 in ERM, Risk Management, Regulations by Noah Gottesman

ERM has historically lacked perspective and perception to be applied holistically and consistently within an organization. Over the last 10-15 years, information technology and cybersecurity industry associations have staked their own claim to risk management practices, activities, and approaches. Thus, we find ourselves with numerous ERM, risk management, and risk governance definitions, standards, and frameworks. Given this, we'll explore what an ERM initiative means for your organization.


First Step to Managing Information Security: Threat and Vulnerability Assessments

Posted on April 18th, 2017 in Risk Management, Cybersecurity by John Oommen

Forbes reports that 70% of firms experienced at least one cybersecurity incident in 2017. In the past year alone, Yahoo’s $4.8B takeover by Verizon was nearly derailed by two major data breaches at Yahoo; even the US presidential election may have been impacted by hackers. And the risks are only growing – cars are computers on wheels and planes are computers on wings. Cybersecurity risk has evolved from just personnel information and financial data to control of physical things. Where does an organization start to minimize cyber risk?


Enterprise Risk Management Requirements of ORSA

Posted on March 15th, 2017 in Risk Management, Regulations by Jon Siegler

In 2012, the NAIC adopted the Risk Management and Own Risk and Solvency Assessment Model Act (#505) and although some state legislative processes have been slow to adopt, it is expected that most companies should be ready for ORSA and should be using it as part of their ERM framework by the end of 2017. This post explores the Enterprise Risk Management requirements of ORSA.


Personal Liability for CCOs: How to Negotiate the Growing Concern

Posted on October 24th, 2016 in GRC, Compliance by Jon Siegler

In early 2016, the Wall Street Journal published an article titled, “The Most Thankless Job on Wall Street Gets a New Worry,” and it’s no exaggeration—chief compliance officers (CCOs) are increasingly finding themselves in the limelight for compliance failures. In cases where CCOs are found to be willfully negligent of their duties, they’re having to pay out-of-pocket, sometimes in the millions.