Mark Zuckerber’s op-ed in The Washington Post outlines ideas for internet “new rules,” including the adoption of GDPR-like regulation on a global scale. Although it is not yet a policy, is your organization prepared to deal with new regulations and effectively manage risk and compliance should they pass in the near future?.
British Airways had a major cyberattack in 2018. Will they face GDPR fines in 2018? The investigation into British Airways’ data breach is still ongoing, so it’s too early to say what GDPR fines they may be hit with. However, they could face up to £488 million in penalties under GDPR. How would the Equifax breach in 2017 have fared?.
The DFARS compliance deadline went into effect at the end of 2017. Read this GRC case study to see how one defense contractor moved from manual spreadsheets to a centralized framework that fulfills regulatory initiatives beyond DFARS compliance NIST 800-171 without re-engineering.
Vendor Risk Management program journeys often start with a breach traced to a vendor. It becomes a priority and your team receives the funding it needs to implement a vendor risk management program. If you’re in this situation now, the first thing to keep in mind is you shouldn’t try to create your program in a vacuum..
Will you face GDPR fines if you miss the GDPR Deadline? We're 30 days away from the GDPR compliance deadline. Fines are up to the greater of €20 million or 4 percent of your global annual revenue. Recommendations for meeting GDPR deadline and avoiding fines..
A compliance risk management common controls framework is the ultimate goal for those using a governance risk and compliance software platform. Whether you’re risk framework and controls need to account for HIPAA, SOX, ISO 27001/2, NIST 800-53, HISTRUST CSF, or other. Using GRC tools to have one risk management and compliance framework rule them all sounds like the "easy button".
Still managing IT Risk Management spreadsheets for Healthcare compliance. Stop Using Spreadsheets for GRC. IT Risk management and compliance is driven by mandates, and you’re working too hard to meet those mandates if you’re still working in spreadsheets..
Andrew Vesay, Rsam Client Partner and Financial Services specialist, discusses the recent New York Department of Financial Services (NYDFS) cybersecurity regulation. Covered entities, and unregulated third party providers, must adhere to new requirements that went into effect on August 28, 2017. Andrew discusses the impact of the strict new regulation, additional pending cybersecurity reforms and ….
Organizations understand that risk is fluent and every-present. It typically falls to the Chief Compliance to keep the Board of Directors and other stakeholders informed while ensuring that the company is ‘in compliance’ a vast array of regulations, policies and standards. The challenge of managing so many moving parts can be a constant battle. Manual ….
After considering all the feedback that was submitted during the 45-day comment period, the state of New York’s new cybersecurity regulations were enacted today. While most regulations seem rote, this one has an interesting twist. “This is the first time I’ve seen a regulator explicitly allow firms to outsource the Chief Information Security Officer (CISO) role,” ….