If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits […]
Identifying and maintaining measures of success in privacy programs.
The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs. As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements. One such area involves the governance of an ISO 27701 […]
ISO 27001: Understanding Security Roles and Responsibilities and Why They Are Vital to the Success of Your Security Program
When building your Information Security Management System (ISMS) as part of ISO 27001 program implementation, one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS,” you can read our whitepaper on the ISO […]
Faced with regulatory penalties, an avalanche of due diligence questionnaires, and stringent contractual clauses, companies of all sizes have been impacted by GDPR. To date, most companies have tackled GDPR with sheer effort, investing billions of dollars toward compliance with little or no assurance their efforts have paid off. As a result, business leaders are left wondering “Are we compliant?” […]
Does your company perform a risk assessment? If you said yes, what did you mean by “risk assessment”?
I ask because often when people say “risk assessment” they are thinking “gap analysis.” As IT auditors, sometimes our instinct is to select our favorite security framework (probably ISO 27001 or NIST 800-53) and begin identifying gaps in the control environment.
Even when we have “great” audit findings, […]