7 ways the GDPR affects your organization

If there is one thing the last couple of years have made clear, it is the lack of respect towards personal data privacy: from companies with inadequate security controls leading to improper management of sensitive information, to businesses making a profit by selling clients’ information, and even government agencies that like to play Big Brother. At Read more…

Why use standard agnostic controls in your compliance program

The adoption of a corporate-wide compliance program is one of the most demanding projects you may undertake. Furthermore, making the most of time-consuming tasks such as controls implementation requires not only experience and knowledge but also a holistic approach at the design level. Every organization is different. Standards were created keeping in mind that Read more…

How to manage the 2016 SOC 2 Content Update

In our ever-changing technological and corporate environment, it is only natural for standards and best practices to receive regular updates that try to accommodate both corrections and improvements. That is what just recently happened to the American Institute of Certified Public Accountants criteria for the Trust Services Principles (TSP) by releasing a SOC 2 Content Read more…

Six features to consider when evaluating GRC platforms

Governance, Risk, and Compliance (GRC) is becoming an increasingly integral part of most businesses, especially with mandates of risk analysis and information security integration within all aspects of business processes. Most organizations have regulatory, contractual or legal obligations, and complying with these may seem like a daunting task to manage, and it can Read more…

Have you evaluated the risk of your ISO 27001 Statement of Applicability?

A misconception about the ISO 27001 Statement of Applicability (SOA) is that this document should be classified as public, viewable by anyone requesting to view it. Classifying the document as such could be potentially dangerous to your organization, breaching the Information Security Management System it represents. To understand why this could be detrimental to your Read more…