Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits […]

What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs.

The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs.  As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements.  One such area involves the governance of an ISO 27701 […]

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom.

Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see examples from ISO 27001 and SOC 2 as of the date of this writing:

ISO 27001 A9.4.2: Where required by the access […]

Planning, Executing and Learning from Tabletop Exercises

Throughout the process of maturing your governance and compliance environment, you have likely encountered the need for conducting an annual or quarterly preparedness exercise, commonly referred to as a “tabletop exercise”.

These exercises are required for compliance with numerous standards, including ISO 27001/22301, GDPR, and SOC 2 just to name a few. While the focus of each tabletop may change, the format […]

ISO 27001: Understanding Security Roles and Responsibilities and Why They Are Vital to the Success of Your Security Program

When building your Information Security Management System (ISMS) as part of ISO 27001 program implementation one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS” you can  read our whitepaper on the ISO […]

ISO 27701 Privacy Framework Could be the GDPR Certification We’ve Been Waiting For

Faced with regulatory penalties, an avalanche of due diligence questionnaires, and stringent contractual clauses, companies of all sizes have been impacted by GDPR. To date, most companies have tackled GDPR with sheer effort, investing billions of dollars toward compliance with little or no assurance their efforts have paid off. As a result, business leaders are left wondering “Are we compliant?” […]

Business Continuity Planning: It Takes a Village

 

Business Continuity Planning (BCP) and Disaster Recovery are essential tools for organizations of any size and maturity level; but what may not be apparent is the appropriate amount of resources required to ensure organizations are prepared with an effective BCP. All too often, the task of constructing and maintaining the organizations Business Continuity Plan falls to a select few or even […]

Cloud Companies Can Conquer GDPR with ISO 27018 Certification

Cloud Companies Can Conquer GDPR with ISO 27018 Certification. Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?”  With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.

Thoughts on Building an Information Security Program that Sticks

Most executives realize that information security (and cybersecurity) is a rising threat within their organization. This is the new normal in the digital economy. As result information security professionals that used to be viewed as technical practitioners are finding seats at the executive table and at with the board of directors.

The problem for most organizations trying to build an information security […]