Problem solve

Managing governance and compliance

• 4 GDPR strategy tips to bring IT processes up to speed

  The GDPR deadline has long passed, but U.S. companies remain behind on compliance. Experts provide GDPR compliance tips to make sure IT is on the right side of the privacy rules. Continue Reading

• GDPR and AI: Data collection documentation essential to compliance

  It's important to remember that artificial intelligence data and AI algorithms must hold up against GDPR regulations. Here's where GDPR and AI intersect and what CIOs can do to remain compliant. Continue Reading

• At Google, company culture key is to assuring consumer privacy

  The lack of comprehensive federal privacy legislation leaves not only consumers vulnerable, but also companies frustrated. Many consumers lack information about the many ways their personal data is ... Continue Reading

• Cybersecurity and privacy compliance: The delicate balance

  As information has transformed into a huge business asset for modern companies, it has come at a price: Data is now a target for hackers seeking sensitive information about enterprises and their customers. This new online data security focus has ... Continue Reading

• Cloud risk management: Governance strategies to protect digital assets

  As the digital age continues to strain information governance budgets, many companies have turned to the cloud to reduce data storage costs: Market analyst firm IDC predicts spending on public cloud services will exceed $127 billion in 2018, ... Continue Reading

• Mobile data security creates big governance challenges

  As devices are used for increasingly complex processes, data becomes more vulnerable to loss. To keep pace, IT and security executives are developing comprehensive mobile data security plans and implementing stronger technology solutions.Continue Reading

• Keep devices regulation ready with compliant mobile data management

  In this tip, learn how to prepare and implement a mobile data management policy that protects your organization against compliance violations.Continue Reading

• Lacking internal security governance big threat to data

  Modern companies constantly seek improved data protection, and a great place to start is a reexamination of internal security governance processes.Continue Reading

• Education, awareness key to fighting cybersecurity threats

  As cybersecurity threats expand in scope, security strategist Reg Harnish says it is vital to educate and train end users on their data protection roles.Continue Reading

• Governance and analytics reduce big data risk, boost information value

  In this Q&A, ARMA 2014 Conference presenter Barclay T. Blair discusses how information governance strategies can help with big data risk management.Continue Reading

• Study reveals legal obstacles created by data protection laws

  A new study has that found data protection laws and state secrecy rules have created legal obstacles for businesses conducting operations in Asia.Continue Reading

• Thwart 'dark data' risk with data classification tools

  As 'dark data' piles up, so do its associated risks and information governance issues. In this Ask the Expert, Derek Gascon offers steps for addressing dark data's GRC complications and explains how new data classification tools can help.Continue Reading

• How has the FTC targeted improvements to data privacy and security?

  As businesses continue to collect and share the personal data of unknowing consumers, the FTC has pushed for improved privacy and security standards.Continue Reading

• Digital information age informs GRC management

  In this #GRCchat recap, participants discuss how governance challenges in the digital information age influence companies' GRC management strategy.Continue Reading

• Cloud-based software: Who is responsible for security in the cloud?

  When it comes to cloud-based software and services, who is responsible for security and compliance in cloud computing? #GRCchat participants weigh in.Continue Reading

• How to ensure security and privacy in mobile device management policy

  In this Ask the Expert, attorney Jeffrey Ritter discusses why clear data privacy and security rules are essential to mobile device management policy.Continue Reading

• GRC regulations force cloud services providers and customers to adapt

  As governance, risk and compliance regulations continue to expand, cloud services providers and customers must be willing to adapt their data management and security processes.Continue Reading

• The four essential rules of mobile information management

  As consumer devices are increasingly used to create and transmit corporate data, businesses are forced to rethink mobile information management.Continue Reading

• Use top-down risk assessment to break compliance and security barriers

  Combining compliance and security resources is difficult, but a company-wide risk assessment can help reduce redundant processes and improve GRC.Continue Reading

• Safeguard data with training and remote device wipe capabilities

  In this #GRCchat recap, learn why remote device wipe is a good option for IT departments looking to safeguard data -- both corporate and personal.Continue Reading

• NSA data collection raises corporate privacy, info management concerns

  We've searched our sister sites and uncovered great content explaining how NSA data collection efforts are influencing corporate privacy and security.Continue Reading

• Walking the tightrope: The compliance and security balancing act

  Just because data is secure does not mean it's compliant, and vice versa. In this tip, learn how to strike the right compliance and security balance.Continue Reading

• #GRCchat: Streamline management and ensure compliance with a GRC plan

  Our #GRCchat participants say that information governance should help them streamline management efforts, reduce storage costs and ensure compliance.Continue Reading

• ARMA 2013: Tech poses new challenges for records management strategy

  In this ARMA 2013 video Q&A, ARMA International's Diane Carlisle discusses how modern technology poses new records management strategy challenges.Continue Reading

• Adapt continuous monitoring of data to benefit compliance controls

  In this tip, learn how integrating data security continuous monitoring processes with regulatory controls provides big benefits for compliance teams.Continue Reading

• Q&A: Adapting data governance strategies to the digital age

  Data governance expert Jeffrey Ritter discusses how incorporating modern information management best practices can improve overall business processes.Continue Reading

• Preparation underway for Dodd-Frank conflict mineral disclosures

  Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations.Continue Reading

• Cloud provider research, due diligence needed to maintain compliance

  In this tip, learn the information you need when choosing a cloud provider to ensure regulatory compliance and protect vulnerable company data.Continue Reading

• Three strategies to align organizational compliance and security goals

  Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals.Continue Reading

• Deriving value through data quality analysis and big data governance

  Stuart Brown discusses the opportunity that lies in data quality analysis and in defining what big data governance mean to your organization.Continue Reading

• FAQ: Can businesses fight secret surveillance information requests?

  U.S. surveillance laws state companies can fight data requests in court. But do businesses really have any leeway when challenging these orders?Continue Reading

• Competitive gain can be found within a corporate compliance program

  HIPAA expert Roy Snell discusses using a corporate compliance program to boost business strategies and ensure patient privacy in the big data era.Continue Reading

• How compliance professionals can maintain GRC during cloud deployment

  Compliance professionals are often left out of the cloud deployment loop by the business and IT. Here's how they can still ensure compliance and reduce risk.Continue Reading

• The GRC program value proposition: Advice for compliance professionals

  Some organizations don't see the value proposition of a GRC program. Our sister sites offer compliance professionals expert advice on why GRC matters.Continue Reading

• Mobile device management strategy still comes down to policy, planning

  Personal devices continue to gain popularity in business settings, making the development of a comprehensive mobile device management policy inherent to protect corporate data.Continue Reading

• Balance financial, risk aspects during electronic equipment disposal

  IT asset management expert Barb Rembiesa discusses the data security risk -- and potential business benefits -- of electronic equipment disposal.Continue Reading

• BYOD and cloud use complicate information risk in the big data age

  Learn how BYOD and cloud use are influencing many companies' information risk processes and how to overcome these security concerns.Continue Reading

• Mobile device management best practices for the connected organization

  Mobile devices force reexamination of many data processes. In this tip, learn mobile device management best practices for the consumerized workplace.Continue Reading

• Experts: Base GRC strategy, technology on corporate framework

  Every business has its own unique risks, environment and compliance rules, and all these aspects must be considered when developing GRC strategy.Continue Reading

• Overcoming the data governance and security implications of BYOD

  In this tip, learn the data governance and security obstacles businesses must consider when implementing a BYOD policy, and how to overcome them.Continue Reading

• Compliance rules complicate nonprofits' move to cloud-based computing

  As nonprofits turn to cloud-based computing, these organizations must be aware of how moving to the cloud influences regulatory compliance processes.Continue Reading

• Incorporate ERM frameworks for cloud computing information security

  Cloud computing information security is a big concern for many companies. Here are several readily available risk management frameworks that can help.Continue Reading

• Information security and compliance in harmony with cloud deployment

  The relationship between information security and compliance can be tenuous, but the cloud is forcing changes in how the two disciplines interact.Continue Reading

• The ABCs of meeting quarterly PCI scanning requirements

  For some organizations, quarterly PCI DSS scanning requirements create confusion. Here are tips on the PCI scanning process to help stay compliant.Continue Reading

• Best practices to navigate the Dodd-Frank/SEC whistleblower program

  The SEC whistleblower program provides monetary rewards for reporting Dodd-Frank violations. Here's how strong reporting processes can protect you.Continue Reading

• Audits, maintenance crucial to business continuity policy success

  IT-related disasters happen to even the best-prepared companies. Here's how to build a business continuity policy to keep processes running smoothly.Continue Reading

• Integrate information governance policy for corporate strategy success

  In this tip, our expert explains how incorporating information governance policy best practices can have huge benefits to overall corporate strategy.Continue Reading

• Get a free IT or corporate compliance plan template for assessing risk

  To adhere to regulatory guidelines, companies must develop strong compliance programs. These free IT and corporate compliance plan template examples can help.Continue Reading

• Vulnerability assessment vs. penetration test: Which is right for you?

  Learn the differences between a vulnerability assessment and a penetration test and how to determine which is better for your IT compliance processes.Continue Reading

• Beware the perils of organization-wide compliance policy involvement

  Kevin Beaver explains how input from myriad departments and staff -- all with selfish interests -- can negatively influence compliance policy.Continue Reading

• Audit management: Five strategies to streamline the PCI audit process

  Tired of the same Payment Card Industry (PCI) assessment headaches every year? Here are five process strategies to streamline the PCI audit process.Continue Reading

• The sometimes-harsh realities of information security and compliance

  Following information security and compliance regulations can hinder your everyday business processes. Here's why you need to strike a proper balance.Continue Reading

• Top 10 compliance and security articles for midmarket CIOs

  Read our top compliance and security articles for tips on risk management solutions, identity management in the cloud and more.Continue Reading

• How regulation should -- and shouldn't -- influence cybersecurity policy

  Recent breaches display the importance of cybersecurity policy, and regulations provide a decent data protection roadmap. But compliance does not automatically equal security.Continue Reading

• Pilot program best practices to help determine your GRC requirements

  It’s important to be familiar with your organization's exact GRC requirements when choosing which tools to buy, build or outsource. Here’s how a pilot program can help guide you.Continue Reading

• New and not-so-new security twists in the Cybersecurity Act of 2012

  The Cybersecurity Act of 2012 gives the government more control over the private sector’s information security. But are the new rules really needed? Our expert says no.Continue Reading

• Our dangerous overdependence on information technology audits

  Although information technology audits can uncover GRC gaps, lower-level issues are often overlooked when relying on them for security assurance, says contributor Kevin Beaver.Continue Reading

• Sustainability: From strategic objective to compliance operation

  With the increased interest in going green, sustainability and compliance are now directly related. But making sustainability integral to your compliance operation is not easy.Continue Reading

• False alarms: Analyzing your leading risk management indicators

  To alleviate risk, it’s necessary to validate risk management indicators specific to your organization. Here’s how, and why avoiding it could negatively affect your GRC program.Continue Reading

• Using governance, risk and compliance to improve business performance

  Governance, risk and compliance are vital to every successful business, but our expert says companies often don’t take advantage of GRC’s critical influence on performance.Continue Reading

• Best practices to help meet your organizational compliance objectives

  Meeting compliance objectives is not just up to IT anymore -- a collaborative approach is necessary. Here’s advice to achieve top-down organizational compliance at your company.Continue Reading

• Q&A: Fit sustainability into an enterprise risk management strategy

  IT strategy expert Adrian Bowles discusses risk management and sustainability trends, and why joining the two is vital to a solid and comprehensive enterprise risk management strategy.Continue Reading

• Best practices for risk management and sustainability convergence

  As the term ”sustainability" has become popular in business, some have questioned its relationship with GRC. But risk management and sustainability are not mutually exclusive.Continue Reading

• Five tips to balance risk management and compliance

  Being protected from risk does not automatically mean you are compliant. Learn how you can properly balance risk management and compliance with tips from some of our top articles.Continue Reading

• Managing information risk inherent to an effective compliance strategy

  An effective compliance strategy requires more than simply adhering to laws and regulations. Staying compliant also requires attention to managing information risk.Continue Reading

• Act now to prevent smartphone security risks at your organization

  Smartphone security risks have become a huge compliance challenge for many enterprises, but being proactive and implementing security policies can help prevent smartphone hacking.Continue Reading

• Global IT outsourcing raises compliance, risk management concerns

  Outsourcing can add to compliance risk management problems for federally regulated groups whose work involves sensitive areas like national security.Continue Reading

• Social media monitoring solutions track sites, protect your brand

  Social media's popularity has left some companies vulnerable to bad word of mouth or leaks of confidential information. But social network monitoring tools are available to help.Continue Reading

• Compliance in flux as confusion surrounds social network monitoring

  As companies increasingly use social media to promote business, social media policies and social network monitoring are gaining popularity. But compliance questions remain.Continue Reading

• Set social media risk management policies by preparing for the worst

  With social media, mistakes can (and do) happen. When developing a social media risk management strategy, it's best to prepare for worst-case scenarios. Here are four of them.Continue Reading

• Five compliance strategy tips to help diminish your risks

  Having a tough time developing the right compliance strategy? Check out our must-reads to help you find ways to develop best practices, diminish risk and reduce costs.Continue Reading

• Avoid duplicated efforts to cut the cost of regulatory compliance

  The cost of regulatory compliance does not have to break the bank -- getting rid of duplicated efforts in compliance strategy is a good place to start.Continue Reading

• How GRC, sustainability and CSR relate to one another

  How your organization determines the relationships among GRC, sustainability and CSR depends on the context of each item -- and is dependent on management's goals.Continue Reading

• The long-term consequences of not addressing compliance programs today

  The lack of a sound corporate compliance plan can lead to regulatory sanctions, a data breach or both. It's time to reassess your compliance plan to avoid long-term consequences.Continue Reading

• It's elementary: IBM's Watson computer could be your next GRC tool

  IBM's Watson computer gave an impressive performance in beating two of the best champions on "Jeopardy!" Find out why our expert thinks Watson also has much to offer as a GRC tool.Continue Reading

• Cloud compliance, legal issues take center stage as cloud use expands

  As more companies turn to cloud computing to solve business needs, heeding cloud compliance regulations and solving cloud computing legal issues are more important than ever.Continue Reading

• Reconsider your enterprise energy management strategy as policies loom

  U.S. policy changes could be the impetus for innovative enterprise energy management and carbon management strategies. Consider changes now to stay compliant in the future.Continue Reading

• Tips for explaining information governance strategy to management

  Discussing an information governance strategy's value and potential with senior management can be a challenge. Here are five tips to help explain the attributes for success.Continue Reading

• How NIST SP 800-39 will refine enterprise-wide risk management

  New NIST SP 800-39 guidelines refine governance models to help incorporate enterprise-wide risk management and assist organizations in making better risk-based decisions.Continue Reading

• Why voluntary compliance with compliance regulations is a good thing

  Some firms are opting for voluntary compliance with unnecessary regulations. Here are the benefits to following compliance regulations that don’t legally apply to your business.Continue Reading

• A new framework for records management and compliance programs

  Records management and compliance programs are now converging, but three new regulatory initiatives could prove problematic for this growing synergy.Continue Reading

• IT controls help compliance programs deal with changing regulations

  Cataloging regulations, framework objectives and IT controls can simplify compliance programs to better deal with changing regulations. Our expert has a three-step plan.Continue Reading

• How compliance with ISO 31000 supports risk management initiatives

  ISO 31000 is becoming an important development tool for shaping existing and new risk management programs. Learn if your programs are in compliance with this standard.Continue Reading

• Are you in compliance with the ISO 31000 risk management standard?

  The ISO 31000 risk management standard is becoming an important development tool for shaping existing and new programs. Learn if your programs are in compliance with the standard.Continue Reading

• Environment, health and safety projects, plus GRC, CSR, can lower risk

  Compliance officers can lower risk and boost revenue by integrating environmental, health and safety (EHS) programs with GRC and corporate social responsibility programs (CSR).Continue Reading

• Compliance officers: Make cybersecurity programs and compliance work

  With the proposed Cybersecurity Enhancement Act of 2009 on the horizon, compliance officers must find a way to make their cybersecurity programs work with compliance initiatives.Continue Reading

• Using metrics to enhance information risk management

  Risk management metrics can dramatically improve your information risk management and compliance initiatives. But regulatory compliance officers have to take the initiative.Continue Reading

• What every compliance officer needs to know about database security

  What can compliance officers do to ensure database security without taking database administrator training? Here are tips to help focus on key database security issues.Continue Reading

• Enterprise iPads: Compliance risk or productivity tool?

  IT shops are hotly debating whether enterprise iPads will prove to be more of a compliance risk than a productivity tool. One thing's for sure -- they're here to stay.Continue Reading

• Learning to manage risk-based internal controls must be a priority

  With internal controls based on some level of risk, organizations should make management of internal risk-based controls a critical business activity.Continue Reading

• Enterprise content management helps crank up information governance

  Enterprise content management tools have become important building blocks for compliance officers piecing together information governance strategies. Find out why.Continue Reading

• What compliance professionals shouldn't do after data breaches

  You likely know your options to prevent data breaches, as well as what to do if they happen. But what should compliance professionals not do in the wake of a data breach?Continue Reading

• Integrated governance, risk and compliance solutions need holistic IT

  Integrated governance, risk and compliance solutions require a holistic technology architecture. Read this tip to find out how to put it together.Continue Reading

• A cohesive GRC framework can make a compliance strategy more effective

  Governance, risk and compliance each mean different things -- a GRC framework can help you maximize the strengths of each as part of your compliance strategy.Continue Reading

• How good is your mainframe at data security? Not as good as you think.

  Despite mainframes' reputation for data security, their increasing interaction with Web-based environments makes them vulnerable. Take these steps to seal the cracks.Continue Reading

• An ERM strategy that leverages compliance for IT/business alignment

  Compliance can be achieved through enterprise risk management, but your ERM strategy may not mean compliance. Here's how to leverage ERM for compliance.Continue Reading

• What MOF, ISO 2700x and PCI DSS can mean for your compliance strategy

  Frameworks can be a big part of an efficient compliance strategy. Find out how MOF, ISO 2700x and PCI DSS can fit into that program. Part 2 of a series.Continue Reading

• Sorting through GRC framework questions

  An IT or enterprise GRC program needs coordination, and that's where governance, risk and compliance frameworks can be useful. Here's an overview.Continue Reading

• Find unexpected vulnerabilities to ensure cloud compliance

  Ensuring cloud compliance means negotiating SLAs in contracts and scanning for vulnerabilities independently. Due diligence on cloud security will help manage risk.Continue Reading

• Private Sector Preparedness Program provides business continuity options

  FEMA's Private Sector Preparedness Program provides options for those seeking to add a business continuity plan to their business. What you need to know.Continue Reading