Inherent vs. Residual Risk, and How To Manage Them

In recent years, organizations have spent a tremendous amount of effort shifting to the cloud, improving their digital infrastructures, and making data more accessible. The pandemic has fast-tracked the shift to working from home, which has increased the use of cloud data storage. This shift has exposed organizations to new threats and magnified existing inherent Read more…

The Driving Forces For GRC

These days, businesses are becoming increasingly conscious of the importance of governance, risk, and compliance (GRC). However, it is still a challenge for organizations to pinpoint why and how they can successfully integrate an information security and compliance program into their routine business operations. Here are the driving forces for GRC that will allow your everyday business practices to contribute to managing risks, achieving compliance, and growing your organization. Sales: Today the most important driver in any modern technology organization is still sales. Many organizations, regardless of industry, require verification and certification against specific security Read more…

Product Update | July 2021

For this update, we have built several new features to increase user accessibility, improve system visibility, and make our forms and questionnaires increasingly useful across new use cases. As we work towards a seamless data collection and user management experience, here is an overview of what’s included in our July update: Collaborator Portal: The Collaborator Portal makes Read more…

Managing Third-Party Risk in Healthcare

For many industries, it has become commonplace for services to be outsourced to external organizations, and healthcare is no exception. While this process can be significantly more efficient, this support mechanism entails additional third-party risks which even the most vigilant company cannot always account for. Whether tasked with managing third-party risk in smaller healthcare facilities or expansive hospitals and research centers, IT Read more…

ISO 27001 – Security Training & Awareness

Security training and awareness provides formal cybersecurity education to the workforce. The idea is to focus on security threats of your internal and external environment and to support individual capabilities as part of everyone’s role in the company. Having received the go-ahead from management for your ISO project, you have defined the scope of your Read more…

ISO 27001 – Defining Controls

Annex A of ISO 27001 is one of the most widely known lists of requirements of all the ISO standards. It provides companies with a structured checklist to define controls for their information security management system (ISMS) and to mitigate their cyber-related risks. Review the changes to ISO 27001:2022 controls here. In the previous article, we covered the necessary steps of identifying, evaluating, and treating Read more…

StandardFusion Named Best Compliance & GRC Software of 2021 in Independent Research

Digital.com, a leading independent review website for small business online tools, products, and services, has named StandardFusion among the Best Compliance Management Systems of 2021 and Best GRC Software of 2021 in independent research to help businesses better manage their Governance, Risk, and Compliance. Digital.com’s research team conducted a 40-hour assessment of over 70 solutions Read more…

ISO 27001 – Risk Management

There are many ways to approach risk management. When it comes to implementing an ISO 27001 compliant information security management system, controls are deployed using a risk-based approach. All the topics discussed in the first half of our guide, from the mandatory standard clauses to stakeholder communication, are directly linked to risk management. In part Read more…