
About Philip Brudney

Philip is in charge of Security, Privacy, and Compliance research and quality assurance at risk3sixty. As part of Philip’s duties, he oversees privacy and attestation reporting and is the co-quality assurance manager for the assurance practice (SOC 1, SOC 2, and attestation reporting), where he is responsible for ensuring each engagement meets risk3sixty’s rigorous quality standards in line with AICPA requirements. Philip leads development and peer review of thought leadership, research, and whitepapers. In addition, Philip acts as the Data Protection Officer (DPO) for a wide array of US-based firms facing GDPR compliance.

Webinar | Everything You Need to Prepare for ISO 27701 Certification

Check out our webinar from Philip Brudney and Christian Hyatt in which they discuss everything you need to prepare for an ISO 27701 certification, including the link between ISO 27701 and ISO 27001. As a bonus, they also discuss the implementation and certification process. See also: Podcast | Everything You Need to Prepare for ISO 27701 Certification https://www.youtube.com/watch?v=OInOVF3k_uI&feature=youtu.be

July 1st, 2020 | IT Audit & Compliance, Webinars

Maximizing the Value of Your Privacy Impact Assessment

Telling your privacy story through a PIA. As privacy regulations have proliferated, companies have been scrambling to address the many new compliance requirements. One component that can prove challenging to implement is the Privacy Impact Assessment. Note: you can see our earlier whitepaper here. While the Privacy Impact Assessment may initially be considered a compliance exercise, when properly leveraged it can [...]

What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs. The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs. As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements. One such area involves the governance of an ISO [...]

November 4th, 2019 | ISO 27001 Compliance, Privacy Compliance

ISO 27701 Privacy Framework Could be the GDPR Certification We’ve Been Waiting For

Faced with regulatory penalties, an avalanche of due diligence questionnaires, and stringent contractual clauses, companies of all sizes have been impacted by GDPR. To date, most companies have tackled GDPR with sheer effort, investing billions of dollars toward compliance with little or no assurance their efforts have paid off. As a result, business leaders are left wondering "Are we compliant?" and [...]

Cloud Companies Can Conquer GDPR with ISO 27018 Certification

Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?” With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.

March 25th, 2019 | ISO 27001 Compliance, Privacy Compliance

European Parliament Votes Against Privacy Shield

The EU-US Privacy Shield may soon be a thing of the past after the European Parliament passed a resolution on July 5th, calling on the European Commission to suspend the agreement unless the U.S. takes further action by September 1st of this year to become compliant with the Privacy Shield requirements. The data transfer agreement bridges the gap between EU [...]

July 11th, 2018 | IT Audit & Compliance

New Guidance Clarifies GDPR’s Data Protection Impact Assessment (DPIA) Requirements

The Data Protection Impact Assessment (DPIA) is a significant new burden on data controllers under GDPR. As many have noted, GDPR does not clearly outline when a DPIA is required, instead referring to processing “likely to result in a high risk to the rights and freedoms of natural persons.” Article 35(4) charges supervisory authorities with developing a list of processing operations [...]

SEC Issues New Cybersecurity Guidance: What you need to know

On February 21, 2018, the SEC issued new guidance on cybersecurity disclosures for public companies. As an “interpretive release,” the new guidance interprets existing laws. In this case, the SEC has clarified the statutes that may affect reporting of cybersecurity risks and incidents. The guidance also addresses various costs and consequences of cybersecurity that should be considered when preparing disclosures. The [...]