If Equifax Had Wings…GDPR Fines 2018

British Airways had a major cyberattack in 2018. Will they face GDPR fines in 2018? The investigation into British Airways’ data breach is still ongoing, so it’s too early to say what GDPR fines they may be hit with. However, they could face up to £488 million in penalties under GDPR. How would the Equifax breach in 2017 have fared?

Integrated Risk Management | Compliance

GRC Case Study: Defense Contractor meets DFARS Compliance NIST 800-171

The DFARS compliance deadline went into effect at the end of 2017. Read this GRC case study to see how one defense contractor moved from manual spreadsheets to a centralized framework that fulfills regulatory initiatives beyond DFARS compliance (NIST 800-171) without re-engineering.


Is Your Vendor Risk Management Program Negatively Impacting Compliance?

Vendor Risk Management program journeys often start with a breach traced to a vendor. It becomes a priority and your team receives the funding it needs to implement a vendor risk management program. If you’re in this situation now, the first thing to keep in mind is that you shouldn’t try to create your program in a vacuum.


The GDPR Fines & Deadline: 30 Days and Counting

Will you face GDPR fines if you miss the GDPR deadline? We're 30 days away from the GDPR compliance deadline. Fines are up to the greater of €20 million or 4 percent of your global annual revenue. Recommendations for meeting the GDPR deadline and avoiding fines.


Is a Compliance Risk Management Common Controls Framework a Myth?

A compliance risk management common controls framework is the ultimate goal for those using a governance, risk and compliance software platform, whether your risk framework and controls need to account for HIPAA, SOX, ISO 27001/2, NIST 800-53, HITRUST CSF, or others. Using GRC tools to have one risk management and compliance framework rule them all sounds like the "easy button".



New York State Cybersecurity Regulation Goes Into Effect. We Sit Down with Rsam’s Andrew Vesay to Discuss (Audio Interview)

Andrew Vesay, Rsam Client Partner and Financial Services specialist, discusses the recent New York Department of Financial Services (NYDFS) cybersecurity regulation. Covered entities, and unregulated third party providers, must adhere to new requirements that went into effect on August 28, 2017. Andrew discusses the impact of the strict new regulation, additional pending cybersecurity reforms and …

Cybersecurity | Compliance | GRC | Eric Goldberg

Corporate Compliance & Oversight Primer

Organizations understand that risk is fluid and ever-present. It typically falls to the Chief Compliance Officer to keep the Board of Directors and other stakeholders informed while ensuring that the company is ‘in compliance’ with a vast array of regulations, policies and standards. The challenge of managing so many moving parts can be a constant battle. Manual …


New York’s New Cybersecurity Regulations Start Today

After considering all the feedback that was submitted during the 45-day comment period, the state of New York’s new cybersecurity regulations were enacted today. While most regulations seem rote, this one has an interesting twist. “This is the first time I’ve seen a regulator explicitly allow firms to outsource the Chief Information Security Officer (CISO) role,” …

Compliance | Vendor Risk Management | GRC | Eric Goldberg

Healthcare Regulations Under Trump: What Will Change?

The healthcare industry is no stranger to change. As a new administration settles into the White House, it naturally begs the question, “what’s in store?” While the administration has stated a position of ‘less government,’ it’s hard to predict how and when it might impact industry laws and regulations. According to a report by HealthcareInfoSecurity.com, …