-
Risk-based audit methodology: How to achieve enterprise security
Discover how using a risk-based audit methodology can achieve better enterprise security. Learn how to develop an internal IT audit program, implement risk mitigation methods, and develop controls and ensure they are effective. Learning Guide
-
FAQ: What is the impact of a compliance audit on IT operations?
Find answers and resources to frequently asked questions regarding the impact of compliance audits on IT operations. FAQ
-
PCI DSS FAQ: The Payment Card Industry Data Security Standard and IT
This resource provides answers and resources to frequently asked questions regarding the Payment Card Industry Data Security Standard (PCI DSS). FAQ
-
The right business strategy for corporate social responsibility
Something happens when the word "sustainability" comes up. People become fixated on the environmental aspects of corporate social responsibility and forget about the economics. Chapter Excerpt
-
Chapter excerpt: The Three Core Disciplines of IT Risk Management
IT risk management is built on a well-structured foundation of IT assets, a well-designed and executed risk governance process and a risk-aware culture. Chapter Excerpt
-
Stage set for EPIC fight against Google privacy policy
The Electronic Privacy Information Center has resorted to legal tactics as it continues efforts to block implementation of a new Google privacy policy. News | 13 Feb 2012
-
Staying vigilant key to meeting regulatory compliance standards
Regulatory compliance standards, users and threats are becoming increasingly sophisticated as technology evolves. To stay compliant in 2012, you need a proactive approach. News | 09 Jan 2012
-
Compliance Q&A: Chief audit executives seek credibility with C-suite
With corporate scandals elevating the importance of chief audit executives, now is the time for CAEs to strategically partner with the C-suite, says Deloitte veteran Shayne Gregg. News | 25 Oct 2010
-
When compliance-related best efforts for data archiving aren't enough
Compliance regulations often dictate that organizations demonstrate "best efforts" for archiving data. But managers need to plan for the retrieval of data as well. News | 30 Jul 2010
-
How to meet compliance regulations with Windows Active Directory
Some say mixing Microsoft Active Directory (AD) and compliance kills innovation. But with some outside-the-box thinking, AD can help meet compliance regulations. News | 23 Jul 2010
-
Supreme Court hears 'sexting' case on employee privacy rights
The Supreme Court's decision in a "sexting" case involving a police officer and a pager could broadly affect employee privacy rights -- or not. Either way, the message for CIOs is clear. Article | 21 Apr 2010
-
What will the PCAOB case in the Supreme Court mean for SOX compliance?
A case before the U.S. Supreme Court is challenging the authority of the entity that oversees public company auditors -- but don't expect SOX compliance to go away. Article | 28 Dec 2009
-
Federal data breach notification law passes in U.S. House
The U.S. House of Representatives passed the Data Accountability and Trust Act (DATA), H.R. 2221, the first step toward a comprehensive national data breach notification law. Article | 09 Dec 2009
-
Facing uncertainty, IT turns to governance, risk and compliance, ERM
During the worst recession in decades, interest in governance, risk and compliance was high. Experts predict the same for 2010, pushed by regulation and economic uncertainty. Article | 11 Nov 2009
-
ISO 27001 certification not enough for verifying SaaS, cloud security
As SaaS and cloud vendors promote security standards like ISO 27001 or SAS 70, experts urge users to delve deeper. What matters is that vendors meet your security needs. Article | 21 Oct 2009
-
Avoid duplicated efforts to cut the cost of regulatory compliance
The cost of regulatory compliance does not have to break the bank -- getting rid of duplicated efforts in compliance strategy is a good place to start. Tip
-
Learning to manage risk-based internal controls must be a priority
With internal controls based on some level of risk, organizations should make management of internal risk-based controls a critical business activity. Tip
-
Log management and compliance: What's the real story?
As more companies deploy security information and event management tools, as well as log management solutions, it's time to take a look at the regulations that apply to logging. Tip
-
Sorting through GRC framework questions
An IT or enterprise GRC program needs coordination, and that's where governance, risk and compliance frameworks can be useful. Here's an overview. Tip
-
Risk management and agile principles in cloud computing
To maintain regulatory compliance in adopting cloud computing, apply risk management and agile development principles. Tip
-
Go beyond a checklist audit for real IT security and data protection
Audit checklists can serve an important purpose, but a simple checklist audit can lead to poor IT security and data protection, and possible data breaches. Tip
-
Effective compliance document management in five days
Effective compliance document management can be simple or really complex and costly. Here are some steps to get your priorities in place to help survive those audits. Tip
-
HIPAA-covered entities' first step should be a quality assurance plan
HIPAA-covered entities must leverage or install a good QA team, an effort that should be driven from the top down and be part of the strategic plan of the technology organization. Tip
-
PCI DSS compliance fails to raise the bar on financial fraud
Experts say PCI DSS compliance does not prevent sophisticated online financial fraud schemes. Security and compliance managers need to go beyond the standard. Tip
-
HIPAA-covered entities, business associates confront HITECH rules
How HIPAA covered entities and HIPAA business associates should implement new, tougher health care and data privacy rules set by the HITECH Act. Tip
-
PCI compliance (payment card industry compliance)
Payment card industry (PCI) compliance is adherence to a set of security standards that were developed to protect card information during and after a financial transaction. Word
-
compliance validation
In compliance, validation is a formal procedure to determine how well an official or prescribed plan or course of action is being carried out. Word
-
compliance audit
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security polic... Word
About Regulatory compliance audits
Regulatory compliance audits are used to evaluate and measure how well a company is adhering to mandatory regulations. Browse the latest news, advice, commentary and best practices for preparing your organization for regulatory compliance audits.