seo page

  • https://www.zengrc.com/blog/planning-your-next-budget-cycle-why-now-is-the-perfect-time-to-modernize-your-grc-approach/
    Don't let another budget cycle pass while your team struggles with manual processes, scattered documentation, and time-consuming audit preparation. Modern…
  • https://www.zengrc.com/blog/risk-assessment-best-practices-transform-your-risk-management-strategy/
    Traditional risk management approaches are leaving organizations exposed to mounting threats.
  • https://www.zengrc.com/blog/5-compliance-best-practices-every-business-should-follow/
    As regulatory requirements intensify, businesses must shift from "check-the-box" compliance to strategic compliance management
  • https://www.zengrc.com/blog/building-a-campus-wide-cybersecurity-culture-from-administration-to-students/
    Higher education institutions face unprecedented cybersecurity threats with 97% experiencing breaches last year.
  • https://www.zengrc.com/blog/building-a-future-proof-grc-strategy-preparing-for-the-unknown-while-maintaining-compliance-today/
    Organizations are breaking free from reactive compliance cycles by adopting future-proof GRC strategies that balance current requirements with adaptability to…
  • https://www.zengrc.com/blog/gdpr-compliance-checklist-how-zengrc-automates-your-data-privacy-program/
    Tired of drowning in GDPR documentation and manual compliance processes? ZenGRC transforms your GDPR compliance.
  • https://www.zengrc.com/blog/security-requirements-for-digital-pharmacy-platforms/
    Digital pharmacy platforms face the unique security challenges of protecting sensitive data and navigating regulations.
  • https://www.zengrc.com/blog/efficient-compliance-harmonizing-multiple-regulatory-frameworks/
    Tired of duplicating compliance efforts? Stop treating each compliance framework as a separate mountain to climb
  • https://www.zengrc.com/blog/managing-third-party-risk-in-healthcare-supply-chains/
    In healthcare, third-party risk extends beyond operational concerns—it's a matter of patient trust and data security.
  • https://www.zengrc.com/blog/ai-in-grc-beyond-the-buzzwords-a-practical-guide-to-implementing-ai-tools-in-your-compliance-program/
    Every minute spent manually transferring data between spreadsheets could be better invested in strategic risk management.
  • https://www.zengrc.com/blog/vendor-onboarding-best-practices-reducing-risk-from-day-one/
    Third-party vendor risk begins at onboarding. Manual processes create security gaps through scattered documentation and missed compliance.
  • https://www.zengrc.com/blog/compliance-guide-building-hipaa-compliant-telemedicine-platforms/
    Telemedicine is experiencing unprecedented growth as patients increasingly embrace this convenient alternative to traditional healthcare
  • https://www.zengrc.com/blog/the-cost-of-non-compliance-why-third-party-risk-should-be-a-top-priority-in-2025/
    In 2025, organizations face an unprecedented challenge in managing third-party risk. As artificial intelligence reshapes business operations and remote work continues to become deeply embedded in corporate culture, the traditional boundaries of organizational security have dissolved.
  • https://www.zengrc.com/blog/strengthening-security-and-transparency-with-a-trust-center/
    As organizations handle increasing amounts of sensitive data and face growing security questionnaires from stakeholders, demonstrating a robust security posture becomes essential. One effective way to achieve this is through a Trust Center. 
  • https://www.zengrc.com/blog/2025-grc-resolutions-for-your-business/
    While personal New Year's resolutions often fade by February, your organization's GRC resolutions can't afford to falter.
  • https://www.zengrc.com/blog/the-role-of-grc-software-in-fedramp-compliance-essential-features-and-benefits/
    Governance, Risk, and Compliance (GRC) software has become an essential tool for organizations navigating the complex FedRAMP landscape. Let's explore how the right GRC solution can streamline your FedRAMP compliance journey. 
  • https://www.zengrc.com/blog/how-to-comply-with-fedramp-a-practical-guide-to-authorization/
    Whether you're new to FedRAMP or an experienced professional looking to optimize your approach, this guide walks through the key steps and requirements for successfully navigating the FedRAMP authorization process. 
  • https://www.zengrc.com/blog/cmmc-2-0-understanding-key-changes-and-preparing-your-organization/
    The Defense Department's Cybersecurity Maturity Model Certification (CMMC) program has entered a crucial new phase with the publication of the CMMC Final Rule in October 2024 and its upcoming implementation on December 16, 2024.
  • https://www.zengrc.com/blog/understanding-fedramp-a-quick-guide-to-federal-cloud-security-compliance/
    The Federal Risk and Authorization Management Program (FedRAMP) serves as the cornerstone of federal cloud security, providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 
  • https://www.zengrc.com/blog/6-reasons-why-you-need-soc-2-compliance/
    Compliance with the System and Organization Controls for Service Organizations 2 (SOC 2) isn’t mandatory. No industry requires a SOC 2 report, nor is SOC 2 compliance required by law.
  • https://www.zengrc.com/blog/what-are-barriers-in-risk-management/
    Enterprise risk management (ERM) can be a challenging endeavor – but a rewarding one, too. While the benefits uncovered by effective ERM don’t always add to the balance sheet directly, they do help a company’s resilience in the face of approaching dangers.
  • https://www.zengrc.com/blog/risk-management-automation-what-it-is-and-how-it-can-improve-your-cybersecurity/
    Any organization’s survival depends on its ability to identify potential risks and then take steps to reduce those risks before they become disruptions. Neglecting even small details, especially when multiple stakeholders are involved, can lead to significant losses of money, reputation, customer goodwill, and more.
  • https://www.zengrc.com/blog/what-is-digital-risk-management/
    Digital risk is created by the new technologies that a company adopts to help accelerate its digital transformation. Digital risk management refers to how a company assesses, monitors, and treats those risks that arise from digital transformation.
  • https://www.zengrc.com/blog/internal-controls-to-prevent-financial-statement-fraud/
    “Cooking the books” is a phrase that refers to falsifying financial statements so one can commit accounting fraud. Perhaps the landmark example of cooking the books was Enron, the U.S. energy company that coasted on accounting fraud until it imploded in 2001, leading to the passage of the Sarbanes-Oxley Act the following year.
  • https://www.zengrc.com/blog/how-to-implement-effective-compliance-testing/
    Compliance testing, also known as conformance testing, is a periodic, independent, and objective assessment of compliance-related processes or controls. As the name implies, you’re testing those controls to see how well they actually work.
  • https://www.zengrc.com/blog/how-to-define-objectives-under-isms/
    In today’s digital age, protecting your organization’s information assets is paramount. An information security management system (ISMS) plays a crucial role in this endeavor, providing a structured approach to managing and protecting company information.
  • https://www.zengrc.com/blog/the-relationship-between-internal-controls-and-internal-audits/
    Any modern organization looking to navigate today’s risk environment successfully needs both strong internal controls and ongoing internal audits.
  • https://www.zengrc.com/blog/best-practices-for-payroll-internal-controls/
    Payroll is a crucial business process in any organization because it assures that employees are compensated in full and in a timely manner.
  • https://www.zengrc.com/blog/the-aftermath-steps-to-recovering-from-a-malware-attack/
    Malware (shorthand for “malicious software”) is any intrusive software that can infiltrate your computer systems to damage or destroy them or to steal data from them. The most common types of malware attacks include viruses, worms, Trojans, and ransomware.
  • https://www.zengrc.com/blog/how-to-monitor-your-risk-management-plan/
    As ever more business operations rely on software systems and online platforms, the range of cybersecurity risks they face becomes ever more complex.
  • https://www.zengrc.com/blog/third-party-due-diligence-best-practices/
    No matter your industry, business relationships with third-party vendors are the most significant risk to your information landscape. Increasingly, companies are adding more Software-as-a-Service (SaaS) vendors to streamline business processes.
  • https://www.zengrc.com/blog/the-key-differences-between-fedramp-a-to-amp-p-ato/
    The Federal Risk and Authorization Management Program (FedRAMP) helps U.S. federal agencies assess cloud service providers’ security more efficiently. It aims to protect government data and information systems and promote the adoption of secure cloud products and services by federal agencies.
  • https://www.zengrc.com/blog/how-to-prevent-third-party-vendor-data-breaches/
    Third-party data breaches can happen at any time to any organization. This type of breach occurs when a vendor (or some other business partner) holding your company’s data suffers a breach, and your data is exposed.
  • https://www.zengrc.com/blog/how-to-avoid-the-common-risks-of-implementing-new-software/
    The first computer software program was released and executed in 1948 at the University of Manchester: a math program that computed the greatest divisor…
  • https://www.zengrc.com/blog/top-risks-faced-by-oil-and-gas-companies/
    Risk management programs must be tailored to a company’s specific risks, and often those risks correlate to whatever industry that company is in. Oil…
  • https://www.zengrc.com/blog/how-to-leverage-ai-to-streamline-grc-compliance-the-future-of-automated-auditing/
    In the ever-evolving landscape of Governance, Risk, and Compliance (GRC), staying ahead of the curve is no longer just an advantage—it's a necessity…
  • https://www.zengrc.com/blog/what-is-cybersecurity-automation/
    Conventional cybersecurity management solutions are becoming outdated, unable to handle the exponential growth of sophisticated security…
  • https://www.zengrc.com/blog/risk-management-process-for-insurance-companies/
    Insurance companies know how to protect their clients’ homes, cars, and businesses. But protecting those customers’ personal information is a bit harder…
  • https://www.zengrc.com/blog/important-disaster-recovery-scenarios-to-test/
    However safe and resilient your company’s operations might be, there’s always the chance that something will occur to interrupt business operations…
  • https://www.zengrc.com/blog/what-is-cybersecurity-architecture-and-why-is-it-important/
    Cybersecurity threats abound, and the pace of cybersecurity attacks is increasing steadily year after year. At the same time, consumers are also becoming…
  • https://www.zengrc.com/blog/security-misconfigurations-definition-causes-and-avoidance-strategies/
    Misconfigured security settings can be disastrous for a company’s cybersecurity. In 2019, for example, a researcher discovered a security misconfigur…
  • https://www.zengrc.com/blog/what-is-the-importance-of-internal-controls-in-corporate-governance-mechanisms/
    At the core of business management are the rules, practices and processes that define how your organization is directed, operated and controlled. This…
  • https://www.zengrc.com/blog/5-step-risk-management-process/
    Learn the essential 5 Step Risk Management Process to identify, analyze, evaluate, and monitor risks effectively for your organization's security and success.
  • https://www.zengrc.com/blog/guide-to-coso-framework-and-compliance/
    The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) framework for internal business controls helps organizations ensure…
  • https://www.zengrc.com/blog/what-are-the-key-risk-indicators-for-banks/
    Banks around the world have high-risk exposure from various sources. As we all learned from the financial crisis in 2008, risks in the financial…
  • https://www.zengrc.com/blog/checklist-for-third-party-risk-assessments/
    Amid escalating data breaches and supply chain attacks, businesses are placing an unprecedented emphasis on third-party risk management. That’s a logical…
  • https://www.zengrc.com/blog/assessing-business-risks-associated-with-change/
    Change is a necessary and inevitable part of business, whether it relates to new technology, the socio-economic climate, the competitive landscape, or…
  • https://www.zengrc.com/blog/top-7-vulnerability-mitigation-strategies/
    Discover the best vulnerability mitigation strategies to help protect your business from potential threats with this guide from the team at ZenGRC. 202…
  • https://www.zengrc.com/blog/complementary-user-entity-controls-explained/
    Most security, audit and compliance professionals are already acquainted with System and Organization Controls (SOC) and SSAE 18 audits. There is…
  • https://www.zengrc.com/blog/what-you-need-to-know-about-security-compliance-management/
    Security compliance management is that set of policies, procedures, and other internal controls that an organization uses to fulfill its regulatory…
  • https://www.zengrc.com/blog/what-is-continuous-auditing/
    Many security and compliance professionals hear “continuous monitoring” as part of their information security process and grasp the term’s meaning – but…
  • https://www.zengrc.com/blog/business-continuity-risk-how-to-plan-for-threats/
    In an increasingly complex and interconnected world, businesses face a myriad of risks that can disrupt their operations. From natural disasters…
  • https://www.zengrc.com/blog/nist-cyber-risk-scoring/
    Understand the key components and rating scale of NIST cyber risk scoring to better evaluate and reduce cybersecurity risk.
  • https://www.zengrc.com/blog/how-to-choose-a-compliance-management-tool/
    Effective corporate compliance is an increasingly urgent issue for businesses. More regulations continue to increase across the landscape, and…
  • https://www.zengrc.com/blog/3-levels-of-fisma-compliance-low-moderate-high/
    The United States enacted the Federal Information Security Management Act (FISMA) in 2002 as part of the E-Government Act of 2002 to enhance the…
  • https://www.zengrc.com/blog/common-risk-management-strategies-risk-avoidance-vs-risk-mitigation/
    If companies operated in a utopia, they could easily keep costs low, prevent fraud, avoid geopolitical tensions, and sidestep cyberattacks. Their…
  • https://www.zengrc.com/blog/how-to-create-a-compliance-risk-assessment-template/
    Discover how to create a compliance risk assessment template that drives clarity, accountability, and audit readiness.
  • https://www.zengrc.com/blog/5-common-risks-involved-in-mergers-and-acquisitions/
    The total global value of corporate mergers and acquisitions (M&A) reached $5.9 trillion in 2021. For 2022, the figure is expected to reach…
  • https://www.zengrc.com/blog/identifying-your-risk-universe/
    A risk assessment is a crucial first step to develop your company’s risk management program. The assessment process itself begins with identifying…
  • https://www.zengrc.com/blog/traditional-supply-chain-vs-digital-supply-chain/
    A supply chain is the ecosystem of processes, systems, and entities that work together to transform an idea into a final product and customer-ready…
  • https://www.zengrc.com/blog/what-is-an-internal-penetration-test-and-how-are-they-done/
    What Is an Internal Penetration Test, and How Is it Done? A famous 2011 article by security adviser Roger Grimes is intriguingly titled, “To beat…
  • https://www.zengrc.com/blog/risk-remediation-vs-risk-mitigation/
    Remediation and mitigation are words commonly used interchangeably to describe a wide variety of risk management measures within an organization…
  • https://www.zengrc.com/blog/regulatory-compliance-in-healthcare/
    Every day, healthcare providers must perform the nerve-racking task of complying with increasing healthcare regulations. According to one report…
  • https://www.zengrc.com/blog/risk-control-measures-that-work/
    Conducting a regular risk assessment is an integral part of any organization’s overall risk management plan. It’s sometimes even a legal requirement…
  • https://www.zengrc.com/blog/internal-control-practices-to-prevent-inventory-loss/
    In 2020, more than 15 percent of U.S. retailers experienced inventory shrinkage — that is, loss of physical inventory — of 3 percent or more. According…
  • https://www.zengrc.com/blog/clarifying-roles-and-responsibilities-in-grc-management/
    Governance, risk management, and compliance (GRC) are crucial activities for any modern organization. Implementing an effective GRC program, however, is…
  • https://www.zengrc.com/blog/incident-response-plan-vs-disaster-recovery-plan/
    When crafting a business continuity strategy, businesses need to recognize the need for two complementary yet distinct documents: an incide…
  • https://www.zengrc.com/blog/vulnerability-scanners-passive-scanning-vs-active-scanning/
    Vulnerabilities in enterprise environments create many opportunities for cyber criminals to attack the organization. Bad actors may take advantage of…
  • https://www.zengrc.com/blog/cybersecurity-kpis-to-track-examples/
    To manage cybersecurity risks effectively and maintain a strong defense posture, organizations need a clear understanding of their security program and…
  • https://www.zengrc.com/blog/5-most-effective-risk-management-techniques/
    Risk management techniques help businesses identify and address risks, create baselines for acceptable risks, and prepare for unexpected threats…
  • https://www.zengrc.com/blog/navigating-the-future-of-ai-governance-a-guide-to-nist-ai-rmf-iso-iec-42001-and-the-eu-ai-act/
    Learn the key differences between NIST, ISO, and EU AI governance frameworks and how to align your AI systems with regulatory expectations.
  • https://www.zengrc.com/blog/top-5-risks-affecting-the-healthcare-industry/
    Cybersecurity is a constant, serious threat to the healthcare industry. Unfortunately, however, the risks to cybersecurity and data security in…
  • https://www.zengrc.com/blog/identifying-assets-for-it-risk-analysis/
    Any organization that uses information technology should conduct cybersecurity risk assessments from time to time. Each organization, however, faces…
  • https://www.zengrc.com/blog/how-to-develop-a-risk-culture-at-your-organization/
    Risk is inseparable from the modern business landscape – and therefore, every company needs an effective risk management program to identify…
  • https://www.zengrc.com/blog/risk-exception-management-process-how-to-manage-non-compliance/
    For all the importance of strong policies and procedures, another truth is this: that in day-to-day operations, your organization will…
  • https://www.zengrc.com/blog/risk-assessments-and-internal-controls/
    From innocent but costly mistakes to deliberate fraud, all organizations are subject to risks that can jeopardize financial reporting or lead to the loss…
  • https://www.zengrc.com/blog/cybersecurity-audit-checklist/
    Today’s corporate IT environments are complex and diverse. The security system to protect those environments can easily have hundreds of individual…
  • https://www.zengrc.com/blog/the-different-types-of-risk-assessment-methodologies/
    Risk is inherent to all businesses, regardless of your industry. To prevent those risks from causing harm, you must first know what threats you are…
  • https://www.zengrc.com/blog/top-risk-analysis-tools/
    For many years and across industries, enterprise risk management (ERM) has always been an important part of any successful business operation. Organizatio…
  • https://www.zengrc.com/blog/what-is-an-audit-of-internal-control-over-financial-reporting/
    In today’s complex financial landscape, trust and transparency play pivotal roles in ensuring business credibility. One essential tool that bolsters this…
  • https://www.zengrc.com/blog/what-is-management-override-of-internal-controls/
    Learn how management override of internal controls happens, why it poses a risk, and what steps organizations can take to prevent financial misconduct.
  • https://www.zengrc.com/blog/it-audit-checklist-for-your-it-department/
    A disruption to your company’s information technology (IT) systems can disrupt your business operations as well, costing you time and money while…
  • https://www.zengrc.com/blog/5-effective-strategies-to-mitigate-market-risk/
    “Market risks” are risks specifically related to investments. These risks are defined by the behavior of the market overall, and can be caused by factors…
  • https://www.zengrc.com/blog/how-to-identify-internal-control-weaknesses/
    A company’s employees, shareholders, senior management, and board of directors expect the company to conduct its business reliably, efficiently, and…
  • https://www.zengrc.com/blog/5-tips-to-prepare-for-your-external-audit/
    Your company’s first external audit can be a bit overwhelming. The audit firm will seek a considerable amount of audit evidence from your…
  • https://www.zengrc.com/blog/what-is-an-audit-trail-and-what-purpose-does-it-serve/
    Audits are independent assessments of the security of sensitive data and computer systems or a company’s financial reporting. Audits can be time-consuming…
  • https://www.zengrc.com/blog/due-care-vs-due-diligence-what-is-the-difference/
    Understanding the nuances between “due care” and “due diligence” is essential for effective risk management, especially in the complex domain…
  • https://www.zengrc.com/blog/how-to-build-a-risk-register-for-your-business/
    Discover how to create a risk register that helps your business manage threats, assign owners, and stay compliant.
  • https://www.zengrc.com/blog/common-risk-management-strategies-risk-avoidance-vs-risk-reduction/
    Risk is a fact of life for every enterprise. It refers to the possibility that an unexpected event may cause unexpected results. These results are…
  • https://www.zengrc.com/blog/risk-appetite-statement-examples/
    Explore risk appetite statement examples to guide your risk strategy. Learn how to define, write, and align statements with business goals.
  • https://www.zengrc.com/blog/5-steps-to-performing-a-cybersecurity-risk-assessment/
    Learn how to perform a cybersecurity risk assessment in 5 clear steps. Identify critical assets, assess threats, and strengthen your risk posture today.
  • https://www.zengrc.com/blog/audit-log-best-practices-for-information-security/
    Audit logs are essential for ensuring the security of an organization’s information systems. They track all events that occur within a system, including…
  • https://www.zengrc.com/blog/positive-risk-vs-negative-risk-in-enterprise-risk-management/
    Businesses face risk all the time – and that’s OK. Even though the word “risk” typically has negative connotations, the term can actually represent many…
  • https://www.zengrc.com/blog/9-common-types-of-security-incidents-and-how-to-handle-them/
    Cybersecurity has been one of the top concerns for organizations in recent years, and that’s not going to change any time soon – if anything,…
  • https://www.zengrc.com/blog/what-are-the-principles-of-information-security/
    Information security is the effort companies undertake to protect their enterprise data and information from security breaches. Without information security…
  • https://www.zengrc.com/blog/5-best-practices-for-risk-management/
    Risk management is the process of identifying, monitoring, and managing risks and their harm to a business. These risks can range from data loss…
  • https://www.zengrc.com/blog/important-internal-control-activities-that-every-organization-should-implement/
    Every organization needs strong internal controls to ensure the integrity of financial statements, promote ethical values, and drive transparenc…
  • https://www.zengrc.com/blog/heres-why-regulatory-compliance-is-important/
    You don’t have to jump through endless hoops to achieve regulatory compliance. By finding an easy way to comply with the right laws, regulations, and…
  • https://www.zengrc.com/blog/10-common-types-of-digital-risks/
    Organizations across all industries are becoming more reliant on digital technology to get the job done. In this era of digital transformation, technologi…
  • https://www.zengrc.com/blog/risk-control-risk-management-whats-the-difference/
    Confused about risk control vs. risk management? Learn the key differences and how each plays a role in protecting your organization from threats.
  • https://www.zengrc.com/blog/top-10-risks-faced-by-the-manufacturing-industry/
    Today’s global economy is more interconnected than ever before. That drives significant benefits for companies and industries operating worldwide…
  • https://www.zengrc.com/blog/what-is-nist-in-cloud-computing/
    Cloud computing is everywhere these days, which means that the security risks inherent to cloud computing are everywhere too — and corporations need…
  • https://www.zengrc.com/blog/11-proven-risk-mitigation-strategies/
    The exponential growth of cyber-attacks every year underscores the critical importance of risk mitigation—a strategic process to identify, analyze, and…
  • https://www.zengrc.com/blog/the-5-key-elements-of-an-effective-internal-control-system/
    Policies, procedures, and other best practices are all essential to the smooth functioning of any organization. They help set the right expectations…
  • https://www.zengrc.com/blog/6-benefits-of-internal-auditing/
    Regular, comprehensive audits keep organizations on track. Audit plans come in all shapes and sizes, too: internal and external audits; audits of finance, audits of data, audits of operations.
  • https://www.zengrc.com/blog/compliance-risk-assessment-for-banks/
    Banks are one of the most heavily regulated business sectors, with stiff regulatory compliance obligations and close scrutiny from…
  • https://www.zengrc.com/blog/what-are-the-types-of-audit-evidence/
    Collecting and evaluating audit evidence helps determine whether an organization follows the required standards. The American Institute of Certified…
  • https://www.zengrc.com/blog/inherent-risk-vs-control-risk-whats-the-difference/
    Inherent risk and control risk are essential concepts in risk management. They’re key parts of the audit risk model, which auditors use to assess overall…
  • https://www.zengrc.com/blog/threat-vulnerability-and-risk-whats-the-difference/
    This guide provides clear definitions of risk, threat, and vulnerability and breaks down the differences.
  • https://www.zengrc.com/blog/the-difference-between-strategic-and-operational-risk/
    When your organization faces an existential threat, is it because of a flawed business model or a broken process? The answer determines whether you're…
  • https://www.zengrc.com/blog/proactive-vs-reactive-risk-management-strategies/
    In a difficult economic climate, a company’s odds of survival depend on how skillfully it manages risk. A well-rounded risk management strategy can help…
  • https://www.zengrc.com/blog/substantive-testing-vs-control-testing-how-do-they-compare/
    Financial integrity is the foundation of business success and investor confidence. Major financial scandals, like Enron or WorldCom, highlight the…
  • https://www.zengrc.com/blog/the-importance-of-internal-controls-in-corporate-governance-mechanisms/
    At the core of business management are the rules, practices and processes that define how your organization is directed, operated and controlled. This system…
  • https://www.zengrc.com/blog/what-are-the-top-operational-risks-for-banks/
    What Are the Top Operational Risks for Banks? In one of its papers, the Basel Committee on Banking Supervision (BCBS) defines operational risks for banks…
  • https://www.zengrc.com/blog/what-is-technology-risk/
    Technology risk (or IT risk) is the chance that technology failures, such as cyberattacks, service outages, or outdated equipment, could disrupt business…
  • https://www.zengrc.com/blog/embracing-our-roots-the-next-era-of-zengrc/
    Today, RiskOptics becomes ZenGRC, a name that reflects our legacy, our vision, and our unwavering commitment to our valued customers and partners. This…
  • https://www.zengrc.com/blog/5-most-common-types-of-internal-accounting-controls/
    Accounting is a core function in every business. Organizations need accounting teams to track revenue and expenses, evaluate financial performance, create…
  • https://www.zengrc.com/blog/riskoptics-simplifying-governance-risk-and-compliance-for-tomorrows-business-challenges/
    At ZenGRC, our mission is to make GRC simple, and it’s been that way since the inception of ZenGRC in 2009. With an in-house team…
  • https://www.zengrc.com/blog/evidence-collection-for-tprm/
    Today almost every organization outsources at least some part (if not many parts) of its operations to third parties. That means those organizations must…
  • https://www.zengrc.com/blog/what-is-the-difference-between-pa-dss-and-pci-dss/
    The PCI-DSS 4.0 security standard for credit card transactions went into effect at the end of March 2024, and supplanted the Payment Application Data Security…
  • https://www.zengrc.com/blog/a-guide-to-completing-an-internal-audit-for-compliance-management/
    A thorough and detailed audit trail will make your compliance audits much more efficient, and help guarantee that you'll pass with flying colors
  • https://www.zengrc.com/blog/what-is-a-hipaa-security-risk-assessment/
    The confidentiality of personal health data is one of the highest priorities in information security. As healthcare providers and organizations handle vast…
  • https://www.zengrc.com/blog/soc-1-vs-soc-2-whats-the-difference/
    Find out how SOC 1 and SOC 2 audits differ and what each means for service organizations and their clients.
  • https://www.zengrc.com/blog/creating-an-efficient-document-repository-for-compliance/
    Modern organizations have huge demands for regulatory compliance, which means a huge amount of documentation that your business must generate and manage to…
  • https://www.zengrc.com/blog/setting-objectives-with-iso-27001s-isms/
    ISO 27001 is an international standard specifying how organizations should develop and implement an effective information security management system (ISMS). Or…
  • https://www.zengrc.com/blog/soc-2-vs-iso-27001-key-differences-between-the-standards/
    Explore the differences between SOC 2 and ISO 27001 standards to determine the best fit for ensuring your organization's information security compliance.
  • https://www.zengrc.com/blog/exploring-onetrust-alternatives-which-grc-fits-you-best/
    When one looks at the marketplace of governance, risk management, and compliance (GRC) software platforms, it's clear that OneTrust has established itself as a…
  • https://www.zengrc.com/blog/developing-a-robust-business-continuity-policy/
    Business continuity planning is essential for every organization, regardless of size or industry. You need a plan for potential disasters or disruptions to…
  • https://www.zengrc.com/blog/is-google-drive-hipaa-compliant/
    Data security and privacy are increasingly top of mind these days, especially regarding sensitive personal data such as our health information. The federal…
  • https://www.zengrc.com/blog/what-is-the-soc-2-policy-approvals-process/
    Organizations are responsible for safeguarding sensitive data in their possession (including customer data) and maintaining a strong cybersecurity posture. One…
  • https://www.zengrc.com/blog/enhancing-vendor-relations-strategies-for-direct-communication/
    Most businesses depend on their supply chains for success — but as the Covid-19 pandemic painfully demonstrated, few companies have a full grasp of their…
  • https://www.zengrc.com/blog/what-are-the-pci-dss-password-requirements/
    PCI DSS is the cybersecurity standard that merchants and service providers must follow to protect their customers’ payment card data. PCI DSS has many components,…
  • https://www.zengrc.com/blog/cross-mapping-grc-compliance/
    As businesses grow, they encounter more regulatory requirements — and soon enough, those requirements can feel like a straitjacket of overlapping obligations…
  • https://www.zengrc.com/blog/why-pci-4-matters-deep-dive/
    The Payment Card Industry Data Security Standard (PCI DSS) is a crucial security standard for protecting personal data during credit card transactions — and…
  • https://www.zengrc.com/blog/how-to-automate-triggers-based-on-expiration-dates/
    Organizations must stay on top of compliance deadlines and expiration dates. Failure to meet these deadlines can lead to costly penalties, reputational damage…
  • https://www.zengrc.com/blog/mastering-user-entitiy-controls/
    Complementary user entity controls (CUECs) are an essential part of any SOC 2 report. These controls help to confirm the service provider's system…
  • https://www.zengrc.com/blog/what-are-complementary-subprocessor-controls/
    Modern digital supply chains are complicated. As ever more businesses outsource ever more business functions to focus on their core responsibilities, those…
  • https://www.zengrc.com/blog/connecting-document-repository-to-server-best-practices/
    Good documentation is essential for any compliance program, but all that documentation is pointless if you cannot find anything when needed. That's where…
  • https://www.zengrc.com/blog/the-role-of-artificial-intelligence-in-cybersecurity-and-the-unseen-risks-of-using-it/
    From using AI in cybersecurity to automate manual tasks to enhancing third-party risk management processes, Artificial Intelligence (AI) is reshaping the…
  • https://www.zengrc.com/blog/what-is-esg-risk-management/
    Risk management programs have traditionally addressed financial, compliance, and operational risks. However, a new class of risks is emerging: "ESG" risks…
  • https://www.zengrc.com/blog/what-is-a-security-risk-assessment/
    A security risk assessment evaluates the information security risks posed by the applications and technologies an organization develops and uses. An essential…
  • https://www.zengrc.com/blog/post-soc-2-gap-analysis/
    Achieving SOC 2 compliance demonstrates to customers that your organization takes data security and privacy seriously. The journey to achieve SOC 2 compliance…
  • https://www.zengrc.com/blog/best-industry-practices-for-soc-2-compliance/
    As data breaches and cyberattacks become more widespread, most businesses are making information security and data privacy a top priority. That means they want…
  • https://www.zengrc.com/blog/role-of-self-attestation-in-compliance-benefits-challenges/
    Self-attestations are an increasingly popular tool for cybersecurity compliance frameworks such as the National Institute of Standards and Technology (NIST)…
  • https://www.zengrc.com/blog/the-top-grc-software-of-2024-expert-reviews-comparisons/
    In today’s complex cybersecurity environment, the need for robust governance, risk management, and compliance (GRC) strategies has never been higher. With…
  • https://www.zengrc.com/blog/optimizing-compliance-management-with-the-best-grc-software/
    To optimize compliance management within an organization, it’s crucial to select the right governance, risk, and compliance (GRC) software for your business…
  • https://www.zengrc.com/blog/importance-of-tracking-complementary-user-entity-controls/
    As organizations increasingly rely on third-party service providers for critical business functions, evaluating and monitoring those providers’ SOC 2 reports…
  • https://www.zengrc.com/blog/steps-to-creating-statement-of-applicability/
    A Statement of Applicability (SOA) is a document you draft as part of achieving compliance with ISO 27001 and other ISO standards. The SOA reviews…
  • https://www.zengrc.com/blog/zengrc-pricing-for-smbs-affordable-compliance-solutions/
    Navigating the complexities of Governance, Risk Management, and Compliance (GRC) is a critical challenge for Small and Medium-sized Businesses (SMBs) in the…
  • https://www.zengrc.com/blog/what-are-audit-procedures-for-internal-controls/
    Audit procedures are the processes and methods auditors use to obtain sufficient, appropriate audit evidence to give their professional judgment about the…
  • https://www.zengrc.com/blog/top-hyperproof-alternatives-for-grc-in-2024-a-comprehensive-guide/
    In today’s highly complex business landscape, enterprises are ever more aware of the need for robust governance, risk management, and compliance (GRC)…
  • https://www.zengrc.com/blog/who-owns-pci-controls-unpacking-zengrc-compliance/
    PCI DSS compliance is crucial for any business that processes, stores, or transmits cardholder data. But who exactly is responsible for implementing and…
  • https://www.zengrc.com/blog/technical-controls-iso-27001-data-security/
    ISO 27001 is an international standard specifying the principles and controls businesses may use to create an Information Security Management System (ISMS)…
  • https://www.zengrc.com/blog/critical-importance-of-isms-and-soa-compliance/
    Information Security Management Systems (ISMS) based on ISO 27001 are becoming increasingly critical for organizations to manage information security risks and…
  • https://www.zengrc.com/blog/why-theres-no-such-thing-as-pci-certification/
    If your business takes debit or credit card payments online or in person, you've most likely heard of "PCI DSS" or "PCI SSC." These words…
  • https://www.zengrc.com/blog/whats-the-difference-between-risk-appetite-vs-risk-tolerance/
    In the field of risk management, and particularly cybersecurity risk management, confusion often arises about the definitions of several risk-related terms…
  • https://www.zengrc.com/blog/2024s-best-grc-platforms-for-enterprises-an-expert-ranking/
    In today’s highly complex business landscape, enterprises are ever more aware of the need for robust governance, risk management, and compliance (GRC)…
  • https://www.zengrc.com/blog/eu-ai-act-explained/
    The European Union's Artificial Intelligence Act emerged at the end of 2023 as a landmark law for the digital age and for the regulation of…
  • https://www.zengrc.com/blog/troubleshooting-vulnerability-scan-failures-a-quick-guide/
    In the digital age, assuring the security and integrity of IT infrastructure is paramount for businesses of all sizes. Vulnerability scanning plays a crucial…
  • https://www.zengrc.com/blog/2024s-top-grc-solutions-finding-the-best-for-your-business/
    Implementing an effective governance, risk, and compliance (GRC) framework has become essential for businesses seeking to manage risk and assure regulatory…
  • https://www.zengrc.com/blog/5-reasons-to-implement-third-party-risk-management-software/
    According to a 2022 Gartner survey, 84 percent of executive risk committee members say that “misses” in third-party risk disrupted their business operations…
  • https://www.zengrc.com/blog/benefits-of-risk-management-software/
    Enterprise Risk Management (ERM) has become increasingly important in today’s complex business environment, where organizations face various risks: operational…
  • https://www.zengrc.com/blog/audit-checklist-for-soc-2/
    Passing a SOC 2 compliance audit gives your clients the assurance that their data is safe in your hands. This checklist can help you prepare.
  • https://www.zengrc.com/blog/competing-with-zengrc-a-look-at-the-markets-top-players/
    In the evolving landscape of governance, risk management, and compliance (GRC) management, organizations increasingly rely on sophisticated software to…
  • https://www.zengrc.com/blog/what-is-a-compliance-management-dashboard/
    A compliance management dashboard is a tool that offers organizations an overview of their organizational and regulatory compliance issues and initiatives in a…
  • https://www.zengrc.com/blog/what-is-a-compliance-management-system/
    In the intricate landscape of modern business, adhering to regulatory compliance standards is not just an obligation; it's a critical component of sustainable…
  • https://www.zengrc.com/blog/nist-800-171-compliance-checklist/
    The CCPA applies to any company that does business in the state of California and collects personal information and data from its customers. Read on to learn more.
  • https://www.zengrc.com/blog/iso-9001-internal-audit-checklist/
    ISO 9001 is an internationally recognized standard for implementing a quality management system (QMS) focused on delivering products or services that meet…
  • https://www.zengrc.com/blog/what-are-the-similarities-and-differences-between-fisma-vs-fedramp-certification/
    The U.S. federal government has many laws and regulations intended to assure strong cybersecurity for government agencies. Two of the most important are the…
  • https://www.zengrc.com/blog/manual-grc-spreadsheets-not-solution/
    In today's rapidly evolving business environment, the stakes for maintaining robust governance, risk management, and compliance (GRC) practices have never been…
  • https://www.zengrc.com/blog/coso-based-internal-auditing/
    Internal audit and compliance departments benefit from having a comprehensive framework to use to perform corporate risk assessment and internal control...
  • https://www.zengrc.com/blog/a-hipaa-physical-safeguards-risk-assessment-checklist/
    Embarking on the journey to HIPAA compliance demands a meticulous approach, particularly when it comes to safeguarding electronic Protected Health…
  • https://www.zengrc.com/blog/choosing-the-best-insurance-compliance-software-for-your-business/
    Compared to most other business sectors, the insurance industry is tightly regulated — and for many good reasons. Most people rarely interact with their…
  • https://www.zengrc.com/blog/what-are-compliance-automation-tools/
    Staying compliant with ever-changing regulatory and risk management standards can be a daunting task. Compliance automation tools have emerged as a vital…
  • https://www.zengrc.com/blog/5-pitfalls-of-a-compliance-only-solution/
    In the complex world of regulatory landscapes, it's critical to ensure that your organization isn't just meeting the minimum standards, but excelling in its…
  • https://www.zengrc.com/blog/what-is-meant-by-risk-evaluation/
    Risk evaluation is how you determine the severity of potential risks. The risk evaluation process has two components: risk assessment and risk analysis.
  • https://www.zengrc.com/blog/what-is-fedramp-3pao/
    Third-party assessment organizations, or “3PAOs,” play a crucial role in compliance with the Federal Risk and Authorization Management Program, more commonly…
  • https://www.zengrc.com/blog/how-automated-compliance-can-reduce-the-cost-of-compliance/
    Corporate compliance is not a new idea; for many years, organizations everywhere have had to comply with certain rules and standards to reduce risks and…
  • https://www.zengrc.com/blog/what-is-supply-chain-compliance/
    Most companies sit in the middle of a supply chain. So, if your business wants to reduce the chance that one or more of your…
  • https://www.zengrc.com/blog/guide-to-gdpr-compliance-for-us-companies/
    The General Data Protection Regulation (GDPR) has a massive influence on data privacy throughout the globe. But what are the ramifications for the GDPR in…
  • https://www.zengrc.com/blog/cobit-2019-audit-checklist/
    With our COBIT 2019 audit checklist, you can leverage your COBIT 5-compliant IT program to create an integrated, holistic approach to cybersecurity.
  • https://www.zengrc.com/blog/choosing-governance-risk-compliance-tool/
    Explore how RiskOptics' ZenGRC tool streamlines GRC management, ensuring constant vigilance and PCI compliance audit efficiency.
  • https://www.zengrc.com/blog/key-steps-to-becoming-nist-compliant/
    Identifying the key steps to becoming NIST compliant means determining whether you want to be NIST SP 800-53 or NIST SP 800-171 compliant.
  • https://www.zengrc.com/blog/a-riskinsiders-guide-to-pci-dss-v4-0-compliance-key-changes-and-deadlines/
    In the ever-evolving landscape of data security and compliance, businesses must always stay current with the latest industry standards. As 2024 arrives, one…
  • https://www.zengrc.com/blog/what-are-the-12-requirements-of-pci-dss/
    The Payment Card Industry Data Security Standard (PCI DSS) sets standards to keep the global payment card ecosystem trustworthy. Developed and maintained by…
  • https://www.zengrc.com/blog/https-reciprocity-com-blog-key-pillars-of-a-strategic-data-management-plan/
    Does your organization rely on data for decisions and actions? If so, you need Strategic Data Management (SDM) and an SDM plan. SDM is a systematic…
  • https://www.zengrc.com/blog/iso-9000-vs-9001/
    ISO 9000 and ISO 9001 are terms often used interchangeably when discussing quality management at an organization, but they refer to separate things. While both…
  • https://www.zengrc.com/blog/https-reciprocity-com-resources-what-is-the-threshold-application-of-the-ccpa/
    When the California Consumer Privacy Act was enacted at the start of 2020, many businesses scrambled to determine whether the law applied to them. The…
  • https://www.zengrc.com/blog/what-is-third-party-vendor-management/
    Your company may be exposed to financial, operational, and reputational risks when conducting business with third parties. While third-party providers may be…
  • https://www.zengrc.com/blog/compliance-automation-and-its-benefits-for-reporting/
    What are some of the worries that keep compliance professionals up at night? For one, stressful stakeholder meetings and keeping abreast of the latest…
  • https://www.zengrc.com/blog/data-protection-vs-data-privacy/
    Advanced cybersecurity threats have heightened the harm of data breaches. At the same time, individuals have become increasingly aware of the information they…
  • https://www.zengrc.com/blog/what-is-iso-9001/
    ISO 9001 is the most well-known international standard for Quality Management Systems (QMS), published by the International Organization for…
  • https://www.zengrc.com/blog/what-is-the-iso-31000-standard/
    In the dynamic world of enterprise risk management, the ISO 31000 standard is a beacon of guidance, providing a structured and universally accepted approach to…
  • https://www.zengrc.com/blog/what-is-cobit/
    Control Objectives for Information and Related Technologies (COBIT) is an internationally recognized IT governance framework published by the Information…
  • https://www.zengrc.com/blog/soc-2-data-center-standards-for-compliance-explained/
    Organizations that use a data center to support their infrastructure and computing needs must consider compliance as part of their overall risk management and…
  • https://www.zengrc.com/blog/what-is-an-audit-management-system/
    An audit management system is a combination of software and business processes that, when used together, significantly reduce the time and effort necessary for…
  • https://www.zengrc.com/blog/https-reciprocity-com-blog-continuous-monitoring-for-real-time-compliance/
    The increasing number and sophistication of data breaches have led to increased concern among boards, regulators, and the public about threats to the data…
  • https://www.zengrc.com/blog/what-is-compliance-automation/
    Regulatory compliance can be an enormous burden for complex or highly regulated businesses. Perhaps the best way to alleviate that burden is to embrace…
  • https://www.zengrc.com/blog/https-reciprocity-com-resources-does-fcpa-apply-to-private-companies/
    The European Union’s General Data Protection Regulation (GDPR) went into effect in 2018, imposing a strict privacy regime to control how organizations can…
  • https://www.zengrc.com/blog/new-year-new-grc-setting-the-foundation-for-grc-maturity/
    Building a strong governance, risk, and compliance (GRC) program for your organization is akin to laying a solid foundation before building a skyscraper: the…
  • https://www.zengrc.com/blog/what-is-fedramp-compliance/
    The Federal Risk and Authorization Management Program (FedRAMP) is a program run by the U.S. federal government to help cloud service providers bid on…
  • https://www.zengrc.com/blog/3-ways-to-improve-your-website-security-for-2024/
    In today's digital landscape, where a robust online presence is fundamental to success, strong website security is an imperative. That said, as we venture into…
  • https://www.zengrc.com/blog/determining-your-cyber-risk-quantification/
    In the modern digital landscape, understanding and managing cyber risk is crucial for organizations of all sizes. That means you need to quantify risks, to…
  • https://www.zengrc.com/blog/what-is-pci-compliance/
    If your organization processes debit or credit card payments, you've likely heard the terms "PCI DSS" or "PCI SSC." These phrases refer to security measures…
  • https://www.zengrc.com/blog/disaster-recovery-policy-template/
    In an era where cyber threats are increasingly sophisticated and unpredictable, prioritizing risk management has become critical. Cybersecurity breaches…
  • https://www.zengrc.com/blog/how-to-assure-your-compliance-strategy-evolves-over-time/
    Compliance is a constant issue that affects businesses in multiple ways every day. Not only must your compliance program address individual acts of misconduct;…
  • https://www.zengrc.com/blog/what-is-sox-compliance/
    The Sarbanes-Oxley Act (SOX) was passed in 2002 to protect investors by improving the accuracy and reliability of corporate financial reporting. Also known as…
  • https://www.zengrc.com/blog/compliance-risk-assessment-tools-to-use/
    In today’s ever-evolving business landscape, the ability to achieve and maintain regulatory compliance is crucial for business success. All companies…
  • https://www.zengrc.com/blog/how-compliance-risk-management-software-can-benefit-your-organization/
    In an era where regulatory frameworks are continuously evolving, and the cost of non-compliance is higher than ever, organizations are increasingly turning to…
  • https://www.zengrc.com/blog/cyber-vrm-best-practices/
    In our digital age, where business partnerships and collaborations can span the globe, managing the risks associated with vendors and third parties has become…
  • https://www.zengrc.com/blog/what-does-pci-dss-stand-for/
    In the digital age, where every transaction and click leaves a footprint, the security of payment card information has never been more crucial. Enter PCI…
  • https://www.zengrc.com/blog/creating-a-plan-for-supply-chain-sustainability/
    The COVID-19 pandemic demonstrated the imperative for businesses to look beyond simple profit considerations when developing their supply chain management…
  • https://www.zengrc.com/blog/ccpa-compliance-automation-tools/
    As global concern for data privacy escalates, governments worldwide are intensifying their efforts by implementing stringent data protection laws. One of the…
  • https://www.zengrc.com/blog/what-is-protected-health-information-phi/
    Stolen medical data is hugely valuable on the dark web — and the healthcare industry has many data breaches to prove it. Healthcare data breaches increased…
  • https://www.zengrc.com/blog/what-is-zero-trust-architecture/
    Zero Trust Architecture (ZTA) is a security model in which no request on the network is automatically trusted, even…
  • https://www.zengrc.com/blog/preparing-for-fedramp/
    Many government agencies, like businesses and other organizations, use cloud-based technology for various services. Cloud computing is the way of the future – but…
  • https://www.zengrc.com/blog/what-is-data-governance/
    Data governance is the collection of policies and practices that an organization uses to assure that it can use its data assets effectively and efficiently…
  • https://www.zengrc.com/blog/what-is-a-pci-gap-assessment/
    A PCI DSS gap assessment (sometimes called a PCI gap analysis) examines a company’s cardholder data environment (CDE) to determine compliance with the Payment…
  • https://www.zengrc.com/blog/hybrid-cloud-vs-multi-cloud-whats-the-difference/
    In the beginning, there was “the cloud.” The concept was a bit fuzzy around the edges (like all clouds), but compliance officers understood what the…
  • https://www.zengrc.com/blog/what-is-the-fedramp-marketplace/
    The Federal Risk and Authorization Management Program (FedRAMP) is meant to assure the security of cloud services used by the U.S. government. It standardizes…
  • https://www.zengrc.com/blog/pci-dss-requirements/
    The Payment Card Industry Data Security Standard (PCI DSS) protects cardholder and sensitive authentication data wherever merchants or service providers store…
  • https://www.zengrc.com/blog/mapping-cobit-to-coso/
    The Sarbanes-Oxley Act (SOX) requires publicly traded companies to declare and adopt a framework that the business will use to…
  • https://www.zengrc.com/blog/data-loss-prevention-best-practices/
    Most organizations have at least one thing in common: they generate and consume more and more data yearly. Dealing with all this data can be…
  • https://www.zengrc.com/blog/aws-regulatory-compliance/
    For many organizations, the transition to the cloud for data storage is inevitable. Whether shifting operations entirely to a cloud environment or modernizing…
  • https://www.zengrc.com/blog/what-is-regulatory-compliance/
    Regulations have long existed to govern how organizations collect and use information online and what cybersecurity precautions organizations should take while…
  • https://www.zengrc.com/blog/5-steps-to-ramp-and-scale-your-grc-program-2/
    Acknowledging the invaluable role of spreadsheets in managing Governance, Risk, and Compliance (GRC) tasks over the years is like tipping our hats to a…
  • https://www.zengrc.com/blog/what-is-sox/
    The Sarbanes-Oxley Act, or SOX, sets out important rules that publicly traded companies must follow. These rules are meant to ensure these companies are honest…
  • https://www.zengrc.com/blog/cybersecurity-challenges-facing-higher-education/
    With more colleges and universities incorporating Software-as-a-Service (SaaS) platforms to support registrars, admissions, and financial aid offices, schools…
  • https://www.zengrc.com/blog/effective-workflow-for-your-audit-management-process-2/
    External and internal audits generate better insight into your data security, yet most employees flee from the process. Audits are cumbersome, time-consuming…
  • https://www.zengrc.com/blog/cloud-can-help-with-data-loss-prevention/
    Data loss can cause tremendous damage to a business. It diminishes trust in your brand and can lead to financial losses from lawsuits, fines for…
  • https://www.zengrc.com/blog/benefits-of-cloud-adoption-in-insurance/
    The rise of cloud computing has been one of the most transformative technologies of the past several decades. According to research firm Gartner, public cloud…
  • https://www.zengrc.com/blog/what-is-a-gdpr-compliance-risk-assessment/
    A GDPR Compliance Risk Assessment is a systematic process used by organizations to identify, evaluate, and mitigate the risks associated with the processing…
  • https://www.zengrc.com/blog/what-are-the-ccpa-categories-of-personal-information/
    The California Consumer Privacy Act (CCPA), the United States’ strictest and most comprehensive data privacy law, has the broadest definition of “personal…
  • https://www.zengrc.com/blog/https-reciprocity-com-resources-what-is-pci-dss-network-segmentation-2/
    Any company bidding on U.S. government contracts while the company itself uses cloud services for its own IT operations will need to assure that those…
  • https://www.zengrc.com/blog/how-automation-can-ensure-compliance-and-safety-for-businesses/
    In today’s complicated, highly interdependent business environment, assuring business security is not just a regulatory requirement. It’s also a vital…
  • https://www.zengrc.com/blog/what-is-fcpa-compliance/
    In today's global business landscape, ensuring ethical practices and maintaining legal compliance are paramount. The U.S. Foreign Corrupt Practices Act (FCPA)…
  • https://www.zengrc.com/blog/are-public-companies-required-to-be-audited/
    Audits play a pivotal role in corporate governance, compliance, and finance. They are crucial tools to assure transparency, accountability, and trust in the…
  • https://www.zengrc.com/blog/how-long-do-i-have-to-respond-to-ccpa-verifiable-consumer-requests/
    The California Consumer Privacy Act (CCPA) imparts primary compliance responsibilities onto businesses that collect personal data from California residents…
  • https://www.zengrc.com/blog/3-factors-to-consider-when-buying-risk-register-software/
    Managing risk is a complicated task because modern organizations have so many risks to address. One way to track all those risks is via a…
  • https://www.zengrc.com/blog/what-is-a-data-retention-policy/
    A data retention policy is a company’s established protocol for keeping records for a set period. It may also be called a records retention policy…
  • https://www.zengrc.com/blog/how-to-simplify-pci-compliance-with-saqs/
    Even before the pandemic forced most of us to shop online, we were already heading in that direction — an easy transition considering that, according…
  • https://www.zengrc.com/blog/3-biggest-mistakes-to-avoid-when-creating-an-incident-management-program/
    Every IT organization focuses on incident prevention, as even the slightest “situation” involving security breaches, system outages, or other significant…
  • https://www.zengrc.com/blog/5-strategies-for-successful-workload-and-data-migration-to-the-cloud/
    According to the Flexera 2021 State of the Cloud Report, the cloud has already become “mainstream,” with organizations in almost every industry migrating into…
  • https://www.zengrc.com/blog/back-to-basics-making-a-start-with-grc/
    Implementing an effective governance, risk, and compliance (GRC) program has become indispensable for streamlining business operations, automating workflows…
  • https://www.zengrc.com/blog/strategies-for-isolation-in-cloud-computing/
    Every day, more and more businesses move more and more applications, data, IT systems, and other operations onto the cloud. And why not? Cloud computing makes…
  • https://www.zengrc.com/blog/https-reciprocity-com-resources-what-is-pci-dss-network-segmentation/
    2020 was not a good year for cybersecurity. In the first half of that year alone, ransomware (a special kind of malware) attacks increased by…
  • https://www.zengrc.com/blog/what-is-data-classification-why-is-it-important/
    Data classification refers to the process of analyzing data (both structured and unstructured) and then organizing that data into defined categories based on…
  • https://www.zengrc.com/blog/what-is-fedramp-certification/
    Cloud service providers (CSPs) that want to compete for U.S. federal government contracts must first obtain FedRAMP authorization (commonly called "FedRAMP certification") — akin to a seal of approval…
  • https://www.zengrc.com/blog/what-is-a-soc-report/
    As data breaches become more widespread, most businesses are prioritizing information security. According to a study by IBM and Ponemon Institute, the…
  • https://www.zengrc.com/blog/what-is-a-soc-audit/
    Businesses rely on third-party vendors to streamline day-to-day operations and assure sustained functionality now more than ever. This is seen by the rise of…
  • https://www.zengrc.com/blog/when-should-i-consider-a-soc-3-audit/
    The best time to get a SOC 3 audit is…when you get a SOC 2 audit, because a SOC 3 report is based on the same examination. Why, then, are there…
  • https://www.zengrc.com/blog/what-is-compliance-testing/
    Compliance testing, also known as conformance testing, is a type of software testing to determine whether a software product, process, computer program, or…
  • https://www.zengrc.com/blog/what-is-a-high-risk-vendor/
    When managing your supply chain, you rely on many external vendors to keep your operations running smoothly. However, not all vendors pose the same risk…
  • https://www.zengrc.com/blog/state-ramp-faq/
    Cybersecurity risks have proliferated ceaselessly over the years, and state governments have been a prime target of those attacks. State governments handle…
  • https://www.zengrc.com/blog/which-soc-report-do-you-need/
    If your enterprise is a service provider that handles customer data, it should have a System and Organization Controls 2 (SOC 2)…
  • https://www.zengrc.com/blog/whats-the-relationship-between-cobit-and-togaf/
    Regarding enterprise architecture frameworks, The Open Group Architecture Framework (TOGAF) and Control Objectives for Information and Related Technologies…
  • https://www.zengrc.com/blog/what-are-the-three-internal-controls/
    From a business perspective, internal controls have historically held their roots in auditing and accounting. As organizational security has evolved over the…
  • https://www.zengrc.com/blog/what-is-the-hipaa-security-rule/
    Technology integration has revolutionized how medical professionals operate in today's healthcare landscape. Clinical applications like electronic health…
  • https://www.zengrc.com/blog/what-are-the-penalties-for-violating-the-ccpa/
    The California Consumer Privacy Act (CCPA) can be expensive to break, with several ways that regulators and the public can bring actions seeking financial…
  • https://www.zengrc.com/blog/what-are-the-penalties-for-violating-hipaa/
    The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law that governs how organizations must handle protected health information (PHI)…
  • https://www.zengrc.com/blog/what-is-data-compliance/
    Data compliance refers to the policies, procedures, and technologies organizations implement to sustain data privacy and security compliance. It involves…
  • https://www.zengrc.com/blog/complete-guide-to-financial-industry-regulatory-authority/
    The Financial Industry Regulatory Authority (FINRA) is the self-regulatory organization that licenses and oversees U.S. broker-dealers and their registered representatives. Under stringent financial regulation…
  • https://www.zengrc.com/blog/what-are-the-five-trust-services-principles-for-soc-2-and-soc-3/
    In an era where data integrity and security are paramount, attestation reports like SOC 2 and SOC 3 are pillars of trust and credibility.…
  • https://www.zengrc.com/blog/data-exfiltration-what-it-is-and-how-to-prevent-it/
    Protecting your data is an important component of your cyber risk management plan and involves a certain level of preparedness for an event like a…
  • https://www.zengrc.com/blog/why-do-compliance-programs-fail/
    Establishing compliance programs represents a significant undertaking for organizations across sectors. However, many such initiatives fail to achieve their…
  • https://www.zengrc.com/blog/why-are-remote-access-policies-important/
    When the COVID-19 pandemic forced the closure of offices worldwide, many companies that hadn’t previously considered remote access to their corporate networks…
  • https://www.zengrc.com/blog/sourcing-responsibility-to-vendors-could-be-your-biggest-mistake/
    For small businesses especially, outsourcing has become the norm – and for a good reason. Specialized vendors can increase the efficiency of your company so…
  • https://www.zengrc.com/blog/it-vendor-management-framework/
    For most businesses, third-party vendors are essential to the business ecosystem. A study by Gartner found that in 2019, 60 percent of organizations worked…
  • https://www.zengrc.com/blog/who-can-perform-a-soc-2-audit/
    The SOC 2 standard for assessing cybersecurity was established by the American Institute of Certified Public Accountants (AICPA). This means only independent…
  • https://www.zengrc.com/blog/what-is-an-iso-stage-2-audit/
    An International Organization for Standardization (ISO) Stage 2 audit evaluates the implementation and effectiveness of a company’s management system. It is often…
  • https://www.zengrc.com/blog/what-is-iso-14001/
    ISO 14001 is the international standard that specifies requirements for an effective environmental management system to achieve ISO compliance. An environmenta…
  • https://www.zengrc.com/blog/what-is-the-hipaa-privacy-rule/
    The HIPAA Privacy Rule, formally known as the Standards for Privacy of Individually Identifiable Health Information, is a cornerstone of healthcare compliance…
  • https://www.zengrc.com/blog/what-is-gdpr/
    The GDPR (General Data Protection Regulation) is a data protection law that mandates all companies doing business within the European Union (EU) member states…
  • https://www.zengrc.com/blog/what-is-pci-dss-certification/
    Understanding PCI DSS Certification vs. Compliance: There is no "PCI DSS certificate" in the traditional sense because payment card data security is an ongoing…
  • https://www.zengrc.com/blog/why-is-fedramp-important-for-state-and-local-agencies/
    The Federal Risk and Authorization Management Program (FedRAMP) was launched by a group of federal agencies that realized the efficiency of having a single…
  • https://www.zengrc.com/blog/what-is-pci-pa-dss/
    The Payment Application Data Security Standard (PA-DSS) is a program designed to help companies like software vendors build secure payment applications that…
  • https://www.zengrc.com/blog/to-whom-does-the-ccpa-apply/
    The California Consumer Privacy Act (CCPA) applies to certain for-profit businesses that collect or have collected the personal information of California…
  • https://www.zengrc.com/blog/what-is-coso/
    The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed initially to enable the National Commission on Fraudulent Financial…
  • https://www.zengrc.com/blog/pci-scope-what-is-it-best-practices/
    E-commerce is a huge commercial realm, with some 2.14 billion digital buyers worldwide by the end of 2021. At the heart of e-commerce is the ability…
  • https://www.zengrc.com/blog/what-is-a-soc-2-readiness-assessment-and-why-do-you-need-it/
    SOC 2 audits are independent assessments of your company’s cybersecurity posture, and those audits are no walk in the park. Hence it would be wise…
  • https://www.zengrc.com/blog/navigating-the-waters-of-change-a-risk-experts-roadmap-for-nydfs-cybersecurity-regulation-compliance/
    In the fast-paced world of cybersecurity, change is not only constant but crucial. The New York Department of Financial Services (NY-DFS) demonstrated that…
  • https://www.zengrc.com/blog/consolidated-objectives-ebook/
    Learn how to reduce the complexity of staying compliant by implementing consolidated objectives with step-by-step guidance.
  • https://www.zengrc.com/blog/what-is-a-ssae-18-audit/
    The SSAE 18, or Statement on Standards for Attestation Engagements No. 18, auditing standards require that service organizations confirm and re-confirm…
  • https://www.zengrc.com/blog/differences-between-fedramp-fisma/
    The U.S. federal government is one of the largest organizations in the world, and a vast number of private businesses provide goods and services to…
  • https://www.zengrc.com/blog/how-to-prepare-for-the-new-pci-dss-version-4/
    By Mike Killinger, GRC Solutions Consultant As the world of digital payments evolves rapidly, staying ahead in terms of security standards is paramount for…
  • https://www.zengrc.com/blog/what-is-fedramp/
    The Federal Risk and Authorization Management Program, commonly known as FedRAMP, represents the U.S. federal government's strategic initiative to transition…
  • https://www.zengrc.com/blog/what-does-it-mean-to-be-iso-certified/
    The International Organization for Standardization (ISO) creates and publishes industry standards intending to respond to customer satisfaction concerns regarding a…
  • https://www.zengrc.com/blog/what-is-an-iso-stage-1-audit/
    An International Organization for Standardization (ISO) Stage 1 audit determines whether a company is ready for its ISO Stage 2 Certification Audit. It is the first…
  • https://www.zengrc.com/blog/soc-2-vs-pci-compliance-whats-the-difference/
    Inherent Risk vs. Control Risk: What’s the Difference? Any company that processes or stores personal consumer data has likely encountered the System and…
  • https://www.zengrc.com/blog/what-is-iso-19011/
    ISO 19011 is a set of guidelines for auditing management systems. It is an international standard to help organizations perform these audits. ISO 19011 is…
  • https://www.zengrc.com/blog/what-does-a-soc-2-report-cover/
    Information security is front of mind for most companies today, as data breaches are increasingly common. According to an IBM and Ponemon Institute study, The…
  • https://www.zengrc.com/blog/what-is-pci-saq/
    The PCI Data Security Standard Self-Assessment Questionnaire (PCI SAQ) is a crucial tool in the arsenal of merchants and service providers navigating the…
  • https://www.zengrc.com/blog/what-is-hipaa/
    HIPAA, or the Health Insurance Portability and Accountability Act of 1996, represents a crucial cornerstone in the safeguarding of patient health information…
  • https://www.zengrc.com/blog/what-is-the-iso-27002-standard/
    ISO/IEC 27002:2013, established by the International Organization for Standardization and the International Electrotechnical Commission, provides guidelines to…
  • https://www.zengrc.com/blog/what-is-a-pci-roc-report-on-compliance/
    According to Verizon’s 2022 Payment Security Report, only 43% of businesses achieved complete compliance during their PCI DSS compliance assessment. As a…
  • https://www.zengrc.com/blog/what-is-sox-reporting/
    In the early 2000s, corporate titans Enron, WorldCom, and Tyco became household names — thanks to huge accounting scandals at each one, ruining investors and…
  • https://www.zengrc.com/blog/embracing-risk-for-a-brighter-tomorrow/
    Once upon a time in the world of business, risk was seen as something to be feared, a looming specter of potential failure. However, in…
  • https://www.zengrc.com/blog/say-goodbye-to-boring-6-innovative-ways-to-boost-your-cybersecurity-training/
    Introduction: Think cybersecurity training is just a snore fest of jargon and compliance checkboxes? Think again. Welcome to the new era of Cybersecurity…
  • https://www.zengrc.com/blog/unlocking-growth-building-a-business-case-for-grc-applications/
    In the ever-evolving landscape of modern business, staying ahead of the curve has become synonymous with survival. Governance, risk, and compliance (GRC)…
  • https://www.zengrc.com/blog/what-is-the-pci-dss-attestation-of-compliance/
    Compliance with the Payment Card Industry Data Security Standard (PCI DSS) can be challenging for many retailers and other businesses that process payment card…
  • https://www.zengrc.com/blog/what-is-a-soc-2-type-2-audit/
    A System and Organization Controls for Service Organizations 2 (SOC 2) audit assesses how well a service provider's internal controls and practices safeguard…
  • https://www.zengrc.com/blog/do-banks-need-to-be-pci-compliant/
    Learn how PCI DSS applies to banks, what it protects, and why meeting its standards can benefit both compliance efforts and security posture.
  • https://www.zengrc.com/blog/what-are-the-pci-audit-log-retention-requirements/
    Generating an audit trail is not just good practice but is also integral to achieving PCI compliance, which stands for Payment Card Industry Data Security…
  • https://www.zengrc.com/blog/what-is-pci-compliance-level-2/
    Under the Payment Card Industry Data Security Standard (PCI DSS), Level 2 merchants process between 1 and 6 million Visa, Mastercard, and Discover transactions…
  • https://www.zengrc.com/blog/what-is-pci-compliance-level-3/
    The Payment Card Industry Data Security Standard’s (PCI DSS) compliance Level 3 applies to mid-size merchants that, generally speaking, process between 20,000…
  • https://www.zengrc.com/blog/iso-compliance-vs-certification-whats-the-difference/
    ISO certification means that a third party has independently validated that an organization conforms to standards established by the International Organization…
  • https://www.zengrc.com/blog/who-needs-pci-dss-compliance/
    If you are a company that processes debit or credit card payments online or in person, you may have heard of “PCI DSS” or the…
  • https://www.zengrc.com/blog/what-is-segregation-of-duties-in-auditing/
    Safeguarding the integrity of financial systems and protecting against fraud and errors are paramount concerns for any business. One way to address both of…
  • https://www.zengrc.com/blog/should-cyber-insurance-cover-ransomware-protection/
    In the modern digital age, the specter of ransomware looms large over businesses, governments, and individuals alike. The pervasive threat has led to a new…
  • https://www.zengrc.com/blog/what-is-the-pci-dss-audit-checklist/
    The PCI Security Standards Council (PCI SSC) established PCI DSS as a framework for merchants and service providers to use in securing credit card and…
  • https://www.zengrc.com/blog/iso-9001-quality-management-principles/
    Discover the eight ISO 9001 principles that drive quality, customer satisfaction, and continuous improvement in any industry.
  • https://www.zengrc.com/blog/kpis-for-measuring-compliance-effectiveness/
    “Corporate compliance” means that your company and its employees follow the laws, regulations, standards, and ethical practices applicable to your operating…
  • https://www.zengrc.com/blog/identifying-assets-for-it-risk-analysis-2/
    Any organization that uses information technology should conduct cybersecurity risk assessments from time to time. Each organization, however, faces its own…
  • https://www.zengrc.com/blog/identity-access-management-best-practices/
    In today’s unpredictable business environment, it is more important than ever for your organization to be protected against cybercrime. One of the best ways to ensure…
  • https://www.zengrc.com/blog/how-to-achieve-pci-compliance-on-aws/
    If your company processes credit or debit card transactions you likely are already familiar with the Payment Card Industry Data Security Standard (PCI DSS)…
  • https://www.zengrc.com/blog/what-is-iso-compliance/
    While ISO certification provides independent validation of a company’s conformity to a set of standards created by the International Organization for Standardiz…
  • https://www.zengrc.com/blog/what-is-an-iso-audit/
    “What is an ISO Audit?” This question arises most often with companies just starting their compliance journey. ISO stands for the “International Organization…
  • https://www.zengrc.com/blog/soc-2-audit-tips-for-small-businesses/
    For every business, large and small, data security and cybersecurity vulnerabilities should be a paramount concern. Not only does attention to security…
  • https://www.zengrc.com/blog/risk-management-software-for-banks/
    Compliance with the Bank Secrecy Act (BSA), the primary law that directs banks to develop Anti-Money Laundering (AML) programs, has always been challenging…
  • https://www.zengrc.com/blog/what-is-compliance-management/
    Compliance management ensures an organization’s policies and procedures align with specific rules. The organization’s personnel must follow the policies and…
  • https://www.zengrc.com/blog/password-management-risks-protect-your-castle/
    Love or hate them, passwords have become part of everyday life — from logging into email accounts to signing up for classes, accessing social media…
  • https://www.zengrc.com/blog/what-is-the-vendor-management-lifecycle-in-grc/
    In today's business environment, managing external vendors is more than just a matter of procurement and supply chain logistics. It's a multifaceted process…
  • https://www.zengrc.com/blog/checklist-for-fedramp-requirements/
    Get a checklist of FedRAMP requirements for compliance. Learn about impact levels, common challenges, and how it benefits cloud service providers in all sectors.
  • https://www.zengrc.com/blog/ssae-18-checklist/
    SSAE 18 (Statement on Standards for Attestation Engagements No. 18) is a set of standards and guidance issued by the American Institute of Certified Public…
  • https://www.zengrc.com/blog/pci-dss-standards/
    Everything you need to know about the Payment Card Industry Data Security Standard (PCI DSS) including its goals and requirements, and how your business or…
  • https://www.zengrc.com/blog/pci-compliance-checklist/
    PCI DSS compliance – that is, the security standard to protect the personal data of credit card users – can feel insurmountable. The Payment Card…
  • https://www.zengrc.com/blog/what-is-compliance-reporting/
    The most effective way for an organization to get a clear understanding of its compliance efforts is through regular, in-depth compliance reporting. Complianc…
  • https://www.zengrc.com/blog/do-i-need-pci-compliance/
    The Payment Card Industry Data Security Standard (PCI DSS) sets the security standards essential for all business owners that process, store, or transmit…
  • https://www.zengrc.com/blog/what-are-vendor-performance-reviews/
    Vendor performance evaluations or reviews help you periodically assess the quality of vendor and supplier performance throughout your organization’s supply…
  • https://www.zengrc.com/blog/why-is-audit-evidence-important/
    In today's business landscape, companies face many demands for risk assurance, where proof of regulatory compliance or effective risk management is paramount…
  • https://www.zengrc.com/blog/what-is-a-cybersecurity-framework/
    In an age where our personal, professional, and even political spheres are intricately intertwined with the digital realm, the protection of our cyber…
  • https://www.zengrc.com/blog/what-is-continuous-monitoring-in-cybersecurity/
    As organizations increasingly rely on technology for their day-to-day operations, the need for robust information security measures has become more critical…
  • https://www.zengrc.com/blog/how-often-are-soc-2-reports-required/
    In general, service organizations will undergo annual SOC 2 (System and Organization Controls 2) audits based on the Trust Services Principles (Trust…
  • https://www.zengrc.com/blog/5-steps-to-become-pci-compliant/
    Suppose your organization handles payment processing, card transactions, storage, authentication, or credit card data electronic transmission. In that case…
  • https://www.zengrc.com/blog/user-access-review-program/
    When trying to ensure that your user access review is implemented successfully, you may want to consider some of the following tips.
  • https://www.zengrc.com/blog/what-is-an-internal-audit/
    Internal audits are an exercise that an organization undertakes to understand how well the organization is managing the risks that confront it. The audit…
  • https://www.zengrc.com/blog/the-fine-art-of-scoping-a-soc-2-audit/
    Once upon a time, performing a SOC 2 audit was a rite of passage for service companies: "Wow, we're so successful now that big clients…
  • https://www.zengrc.com/blog/what-is-the-soc-2-common-criteria-list/
    The SOC 2 Common Criteria List refers to the set of criteria and principles that service organizations must adhere to and demonstrate compliance with in…
  • https://www.zengrc.com/blog/what-is-evidence-collection-in-compliance/
    Evidence collection is the act of documenting an organization’s compliance processes and outcomes. Evidence collection is one of the best methods an organizatio…
  • https://www.zengrc.com/blog/how-to-keep-your-hipaa-compliance-efforts-up-to-date/
    Everyone in the data privacy world has heard of HIPAA, and the term is often used to explain how, when, and why protected health information…
  • https://www.zengrc.com/blog/what-are-the-pci-audit-requirements/
    If your organization is mandated to pass an on-site audit and submit a Report on Compliance under the Payment Card Industry Data Security Standard (PCI…
  • https://www.zengrc.com/blog/how-frequently-should-you-audit-for-soc-2/
    After your first System and Organization Controls for Service Organizations 2 (SOC 2) report, you’ll most likely want to follow up every year with a…
  • https://www.zengrc.com/blog/what-is-a-soc-2-audit/
    What is a SOC 2 Audit? A System and Organization Controls for Service Organizations 2 (SOC 2) audit evaluates how well a service provider's internal controls…
  • https://www.zengrc.com/blog/what-are-internal-controls-for-cash/
    When determining your organization's risk management and security policies, establishing internal controls is a crucial part of the process. Internal control…
  • https://www.zengrc.com/blog/what-is-hipaa-compliance/
    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires healthcare organizations to protect sensitive patient…
  • https://www.zengrc.com/blog/what-is-pci-compliance-level-1/
    The Payment Card Industry Data Security Standard (PCI DSS) was enacted in 2004 to assure that all businesses that accept, handle, store, or transfer credit…
  • https://www.zengrc.com/blog/do-i-need-a-soc-2-report/
    If your enterprise is a service provider that handles customer data, it should have a System and Organization Controls for Service Organizations 2 (SOC 2)…
  • https://www.zengrc.com/blog/what-are-the-steps-of-an-audit/
    Internal audits are a critical process for businesses and organizations to ensure compliance, manage risk, and validate that your business follows…
  • https://www.zengrc.com/blog/what-is-a-pci-readiness-assessment/
    A Payment Card Industry Data Security Standard (PCI DSS) readiness assessment helps an organization evaluate if it is prepared for a full PCI DSS validation…
  • https://www.zengrc.com/blog/tips-for-effective-vendor-management/
    The modern corporation depends on hundreds of vendors (at least) to provide supplies and mission-critical services. Astute management of those vendors can reap…
  • https://www.zengrc.com/blog/the-benefits-of-using-a-compliance-oriented-data-management-platform/
    Data drives the modern economy. The right type, amount, and quality of data lets organizations better understand their customers. This understanding enables…
  • https://www.zengrc.com/blog/key-steps-to-improving-strategic-vendor-management/
    Efficient procurement is crucial to the success of any corporate organization. Hence, companies should consider strategies for effective vendor risk management…
  • https://www.zengrc.com/blog/what-is-an-iso-quality-audit/
    An ISO quality audit serves as a crucial management tool for organizations, enabling them to assess, validate, and confirm various quality-related activities…
  • https://www.zengrc.com/blog/ciso-and-trust-why-it-matters/
    In today's digital business landscape marked by digital transformations and increased information security initiatives, the role of a Chief Information…
  • https://www.zengrc.com/blog/what-is-an-iso-surveillance-audit/
    An ISO surveillance audit is an audit of your business that happens after you achieve compliance with an ISO standard, to assure that you still…
  • https://www.zengrc.com/blog/what-are-nist-controls-and-how-many-are-there/
    The National Institute of Standards and Technology is a U.S. government agency that publishes cybersecurity frameworks organizations can use to strengthen…
  • https://www.zengrc.com/blog/what-does-iso-certification-cost/
    Certifying your compliance with ISO standards for cybersecurity, quality management, and other good business practices can be a great way to demonstrate your…
  • https://www.zengrc.com/blog/how-do-i-prepare-for-an-iso-surveillance-audit/
    An ISO (International Organization for Standardization) surveillance audit is an occasional review of a company’s quality management system or information…
  • https://www.zengrc.com/blog/how-much-does-a-soc-2-audit-cost/
    SOC 2 audits inspect the security controls of vendors and service providers. (“SOC” itself is an abbreviation of System and Organization Controls for Service…
  • https://www.zengrc.com/blog/what-is-calculated-risk-in-business/
    Every business decision involves an element of risk. Management’s job is to assess that level of risk as best as possible, and to weigh that…
  • https://www.zengrc.com/blog/what-is-a-compliance-risk-assessment/
    As global data privacy and cybersecurity regulations continue to proliferate, the pressure for organizations to manage compliance risk grows. And the first…
  • https://www.zengrc.com/blog/risk-quantification-in-compliance/
    Risk management helps organizations to comply with applicable laws, regulations, and operational standards, and to approach “continuous compliance” as much as…
  • https://www.zengrc.com/blog/mixpanel-sees-swift-value-from-zengrc/
    Discover how Mixpanel, a leading product analytics software company, leaned on Reciprocity's Onboarding Services, resulting in an efficient implementation…
  • https://www.zengrc.com/blog/aera-technology-drives-compliance-efficiency-with-zengrc/
    Discover how Aera Technology, a cognitive automation company, rapidly ramped up its enterprise-level certifications, including SOC, HIPAA and ISO, leveraging…
  • https://www.zengrc.com/blog/what-a-cybersecurity-risk-management-process-entails/
    Organizations today are at greater risk of a cyberattack than ever before, and that risk will only grow as new technologies keep emerging in the…
  • https://www.zengrc.com/blog/third-party-vendor-management-audit-program/
    A third-party vendor management audit program requires continuous review of cybersecurity risk and mitigation strategies.
  • https://www.zengrc.com/blog/the-statistical-analysis-of-measuring-cybersecurity-risk/
    Businesses are more at risk of cyber attacks than ever before. Calculating that risk, however, can be a challenging task. In this post we will…
  • https://www.zengrc.com/blog/continuous-auditing-vs-continuous-monitoring/
    Continuous monitoring complements continuous auditing to provide proof of a security-first approach to cybersecurity and prove governance.
  • https://www.zengrc.com/blog/what-is-a-risk-assessment-matrix/
    A risk assessment matrix is an important part of the risk management process. When managing risk, organizations must set objectives, catalog assets, define…
  • https://www.zengrc.com/blog/most-efficient-techniques-for-quantifying-risks/
    With so many threats facing modern companies, knowing which threats to address first can be challenging. Risk quantification is a technique that assigns a…
  • https://www.zengrc.com/blog/how-to-conduct-a-vulnerability-assessment/
    Repairing a weakness in your IT environment is always easier than dealing with the consequences of that weakness — like, say, a massive data breach…
  • https://www.zengrc.com/blog/rob-ellis-named-acting-chief-executive-officer-of-riskoptics/
    Ellis to drive continued growth and customer success for GRC and cyber risk software leader. San Francisco, CA – August 24, 2023 – RiskOptics (formerly…
  • https://www.zengrc.com/blog/cyberinsurance-101-5-things/
    With ransomware attacks and malware attacks on the rise, cyber insurance is more than a buzzword. Before purchasing, understand your coverage.
  • https://www.zengrc.com/blog/nist-csf-categories-and-framework-tiers/
    NIST CSF consists of best practices, standards, and guidelines to manage cybersecurity program risk. Read on to learn more.
  • https://www.zengrc.com/blog/reduce-your-cyber-risk-increase-diversity/
    A customer walks into a clothing store to purchase a pair of pants. The salesperson directs them toward ten racks, all filled with khaki pants…
  • https://www.zengrc.com/blog/what-is-cyber-insurance-and-is-it-worth-the-costs/
    Cyber attacks have grown significantly over the last few years, and their cost to victim organizations marches ceaselessly upward as well. Now many of those…
  • https://www.zengrc.com/blog/third-party-cyber-risk-management-best-practices/
    With organizations relying on external partners for so many services, but 54 percent lacking a complete list of third parties accessing their network, the risk…
  • https://www.zengrc.com/blog/safeguard-your-business-from-the-risks-of-social-media/
    In recent years, social media platforms have become invaluable tools for businesses to engage with their customers, reach a wider audience and enhance their…
  • https://www.zengrc.com/blog/sec-adopts-cyber-disclosure-rule/
    As expected, the Securities and Exchange Commission adopted new rules today requiring publicly traded companies to make more disclosures about the cyber risks…
  • https://www.zengrc.com/blog/what-is-risk-communication/
    Risk management is a team sport. So whether we are assessing health risks during a pandemic, understanding the effect of natural disasters, or trying to…
  • https://www.zengrc.com/blog/what-is-risk-modeling/
    Investments in effective risk management, and especially in IT systems to manage risk, have historically paid huge dividends. In a 2023 PwC US Risk Perspectives…
  • https://www.zengrc.com/blog/what-is-a-security-vulnerability-assessment/
    Protecting corporate networks and IT assets is paramount in today's ever-evolving cybersecurity threat landscape. Cyber criminals use every tactic to discover…
  • https://www.zengrc.com/blog/how-risk-exposed-is-your-company/
    Discover Ways to Secure Your Business: 86% of enterprise risk management leaders say their decisions often lead to avoidable risk events. 80% of GRC leaders…
  • https://www.zengrc.com/blog/common-types-of-network-vulnerabilities-for-businesses/
    Network vulnerabilities can leave an organization's entire IT environment compromised. Sensitive data can be lost or (even worse) stolen by cybercriminals. A…
  • https://www.zengrc.com/blog/what-is-a-network-vulnerability-assessment/
    A network vulnerability assessment reviews and analyzes an organization's network infrastructure to find cybersecurity vulnerabilities and network security…
  • https://www.zengrc.com/blog/key-considerations-for-choosing-the-right-grc-platform/
    Assessing Your Needs and Making Informed Decisions: Governance, risk, and compliance (GRC) are becoming increasingly complex as global security and privacy…
  • https://www.zengrc.com/blog/difference-between-penetration-test-vulnerability-scan/
    Compliance with regulatory requirements works best when you understand the terms of art used in compliance and cybersecurity, such as the difference between…
  • https://www.zengrc.com/blog/the-road-to-continuous-compliance/
    Compliance is often viewed as a "one and done" activity - an annual rite of passage, for example, performed during yearly audits. That is an…
  • https://www.zengrc.com/blog/how-to-use-a-maturity-model-in-risk-management/
    A crucial part of building a robust and effective enterprise risk management (ERM) program is to perform a periodic review of your organization's risk…
  • https://www.zengrc.com/blog/what-are-information-security-controls/
    What are Information Security Controls? Modern organizations rely extensively on data centers and software systems to store and process valuable data. This…
  • https://www.zengrc.com/blog/what-is-a-sox-control/
    SOX is short for the Sarbanes-Oxley Act, a U.S. federal law that requires public companies to establish and evaluate a set of internal controls over…
  • https://www.zengrc.com/blog/is-your-industry-prepared-to-fend-off-cyber-threats/
    An Industry View of Risk Management Readiness: Risk, it seems, is all in the eye of the beholder — or industry, to be more specific. While every…
  • https://www.zengrc.com/blog/qa-closing-the-cybersecurity-risk-communications-gap/
    Today's security executives, such as CISOs, play a crucial role in helping the board and C-suite understand the growing and complex cybersecurity risks their…
  • https://www.zengrc.com/blog/what-are-the-types-of-information-security-controls/
    When safeguarding your business against cyberattacks and data breaches, CISOs and compliance officers can choose from a wide range of information security…
  • https://www.zengrc.com/blog/what-is-information-security-risk/
    Information security risk is the potential danger or harm arising from unauthorized access, use, disclosure, disruption, modification, or destruction of…
  • https://www.zengrc.com/blog/riskoptics-names-lisa-mogensen-as-chief-financial-officer/
    Mogensen brings a wealth of financial and technology experience to RiskOptics in support of rapid business expansion for its cyber risk management solutions Sa…
  • https://www.zengrc.com/blog/the-state-of-cyber-risk-2023/
    Cyber risk management confidence is high. Cyber risk has become top of mind at any organization. The 2023 RiskOptics Cyber Risk Viewpoints Report indicates…
  • https://www.zengrc.com/blog/nist-vs-fedramp/
    If you are new to the U.S. government's rules for federal government contractors, there can be a host of tricky compliance terms to navigate. So…
  • https://www.zengrc.com/blog/nist-new-draft-for-ransomware-risk-management/
    Learn the latest about NIST’s new preliminary draft for a ransomware risk management framework. Cyberattacks against businesses of all sizes are at all-time…
  • https://www.zengrc.com/blog/what-you-should-know-about-the-new-cyber-security-evaluation-tool-model/
    Discover the changes CISA has made to their Cyber Security Evaluation Tool and what it could mean for your business. What Is a Cybersecurity Evaluation? A…
  • https://www.zengrc.com/blog/how-to-automate-cyber-risk-quantification/
    The attack surface for most organizations is constantly expanding, and security teams struggle to decide which parts of that surface deserve priority for…
  • https://www.zengrc.com/blog/what-are-the-different-types-of-risk-assessments/
    Risk assessments are a critical step in the risk management process. To protect your company properly, you must first determine the threats you face and…
  • https://www.zengrc.com/blog/what-is-the-first-step-in-security-awareness/
    Security awareness is the process of providing your workforce with cybersecurity training and education so that they understand the importance of security in…
  • https://www.zengrc.com/blog/security-exception-vs-risk-acceptance-whats-the-difference/
    Businesses face an endless stream of security concerns. Internal controls and security procedures help, but not every risk can be managed out of existence. To…
  • https://www.zengrc.com/blog/cybersecurity-risks-in-hybrid-working-environments/
    Many companies now operate in a hybrid work environment. The term encompasses any number of specific workplace arrangements, but ultimately refers to a more…
  • https://www.zengrc.com/blog/what-is-endpoint-detection-and-response/
    Your organization's daily operations depend on connections: to your clients, vendors, staff, and other parties. In our era of the Internet of Things (IoT)…
  • https://www.zengrc.com/blog/updated-fraud-risk-guidance-available/
    This article first appeared on RadicalCompliance May 4, 2023. Auditors and other anti-fraud professionals have fresh guidance this week on how to manage fraud…
  • https://www.zengrc.com/blog/ato-attacks-what-you-should-know-about-protection-and-prevention/
    Among all the cyber attack techniques gaining prominence, account takeover (ATO) attacks are perhaps the most unnerving for businesses. Even though financial…
  • https://www.zengrc.com/blog/riskoptics-announces-cyber-risk-viewpoints-survey-results/
    RiskOptics survey finds increasing cyberattacks, staffing problems, decreased funding and a lack of understanding by company leadership as other key industry…
  • https://www.zengrc.com/blog/continuous-control-monitoring/
    When creating a strong risk management program within your organization, your business processes need controls in place for maintaining security and mitigating…
  • https://www.zengrc.com/blog/benefits-of-vendor-risk-management-software/
    Vendor risk management (VRM) has become a critical component of business continuity, especially given today's cybersecurity threat landscape. That said, VRM is…
  • https://www.zengrc.com/blog/what-are-risk-management-methodologies-in-compliance/
    In the modern business environment, managing risk is critical for both business continuity and achievement of financial and strategic goals. A robust risk…
  • https://www.zengrc.com/blog/steps-to-improve-your-security-posture/
    As an enterprise leader or cybersecurity professional, you know that the threat landscape is expanding. You know that cybercriminals get smarter every day…
  • https://www.zengrc.com/blog/what-is-the-cisos-role-in-risk-management/
    The Chief Information Security Officer (CISO) role has become one focused on risk management to protect critical information assets from malicious actors.
  • https://www.zengrc.com/blog/nist-vs-iso-whats-the-difference/
    Cybersecurity frameworks help countless businesses to better secure their IT systems. Two of the most widely known frameworks for information security are the…
  • https://www.zengrc.com/blog/reciprocity-transforms-to-riskoptics-delivers-contextual-risk-management-to-fulfill-the-promise-of-grc/
    Company unveils the next generation of its ROAR platform including features to quantify the financial impact of risk and automate workflows San Francisco —…
  • https://www.zengrc.com/blog/a-new-company-name-with-a-stronger-connection-to-our-mission/
    Naming a company is one of the most important decisions a business ever makes. It's the first thing potential customers will see, and it's what…
  • https://www.zengrc.com/blog/key-steps-to-manage-operational-risk/
    Learn about the various types of operational risk and steps you can take to protect your organization.
  • https://www.zengrc.com/blog/risky-business-risk-assessments-101/
    Is your Information Security team looking to get a better handle on your company’s risk? Read this primer to help you build compliance risk assessments.
  • https://www.zengrc.com/blog/duty-of-care-risk-analysis-docra-explained/
    Legal authorities and the general public typically hold organizations accountable for any harm caused during their daily operations. The expectation is that…
  • https://www.zengrc.com/blog/getting-started-on-governing-ai-issues/
    This article first appeared on radicalcompliance.com February 20th, 2023. Today we are going to keep looking at artificial intelligence and how corporations…
  • https://www.zengrc.com/blog/data-breach-insurance-vs-cyber-liability-insurance-whats-the-difference/
    In today's world organizations rely on computer systems and data for pretty much everything, including mission-critical processes and interactions with…
  • https://www.zengrc.com/blog/measuring-cyber-risk-quantification/
    The ceaseless rise in cyber attacks worldwide is a constant reminder that organizations must improve their cybersecurity stance. Merely complying with security…
  • https://www.zengrc.com/blog/what-is-cybersecurity-risk-management/
    Data breaches, phishing schemes, ransomware attacks, regulatory requirements, and other malware threats are on everybody’s radar. Still, some organizations…
  • https://www.zengrc.com/blog/information-assurance-vs-cybersecurity/
    Two terms the security world uses all the time are "information assurance" and "cybersecurity." These terms do overlap, and many people use them interchangeably…
  • https://www.zengrc.com/blog/biggest-cyber-threats-to-watch-for-in-2023/
    Cybersecurity is a critical concern as the threat landscape keeps evolving and becoming more complex. Organizations are already on high alert for sophisticated…
  • https://www.zengrc.com/blog/employee-spotlight-travis-hire-senior-account-executive/
    While a company's entire sales organization is responsible for the sale and distribution of its products and services, it is Account Executives (AEs) who act…
  • https://www.zengrc.com/blog/complete-guide-to-cyber-risk-assessments/
    In the same way people block spam calls and lock their doors at night, businesses should maintain robust and effective cybersecurity. Cybersecurity is exactly…
  • https://www.zengrc.com/blog/the-iso-31000-risk-management-process/
    ISO 31000 provides a framework for organizations to assess their current risk management processes and then make improvements as necessary
  • https://www.zengrc.com/blog/what-is-cybersecurity-posture/
    The cyber-threat landscape is complex and alarming; a company cannot rely on traditional cybersecurity tools to protect its assets and data from today's risk…
  • https://www.zengrc.com/blog/pci-dss-compliance-overview/
    While prescriptive in the details, PCI DSS compliance has a lot of nuances for scoping. This overview of the standard's introduction can help you better understand those nuances.
  • https://www.zengrc.com/blog/help-on-supply-chain-cyber-risks/
    This article first appeared on Radical Compliance on January 25, 2023 I hadn't noticed this until now, but we have fresh help for audit and risk…
  • https://www.zengrc.com/blog/employee-spotlight-marianne-schrader-senior-customer-success-manager/
    Customer success (aka customer success management or client advocacy) is the process of increasing customers' satisfaction with a company's product or service…
  • https://www.zengrc.com/blog/3-reasons-why-its-critical-to-consider-relationships-when-building-reports-2/
    When managing risk and compliance programs, one vital part of the job is reporting your program's status and results to other groups: the board, management,…
  • https://www.zengrc.com/blog/5-essential-steps-to-meet-your-escalating-duty-of-care/
    A security leader's playbook for protecting against rising penalties & regulations. Security leaders: the time is NOW. Meet your duty of care OR face the SEC…
  • https://www.zengrc.com/blog/understanding-the-pci-levels-of-compliance/
    All merchants, payment processors, or internet service providers that process, store, or transmit credit card data must be PCI compliant, no matter which compliance level they belong to.
  • https://www.zengrc.com/blog/finra-talks-cyber-risks/
    This article first appeared on Radical Compliance January 11, 2023. FINRA, the regulator for broker-dealer firms that every other compliance professional…
  • https://www.zengrc.com/blog/is-aws-fedramp-certified/
    FedRAMP is the short-hand name for the Federal Risk and Authorization Management Program, which the U.S. federal government uses to assess the security of…
  • https://www.zengrc.com/blog/how-third-party-risks-have-evolved-in-2021/
    The Covid-19 pandemic permanently changed how many companies operate. With remote work increasingly common and supply chain challenges more frequent, many…
  • https://www.zengrc.com/blog/what-is-the-statement-of-applicability-in-iso-27001/
    ISO 27001 is a globally recognized standard for organizations to build information security management systems. If your organization wants to achieve ISO 27001…
  • https://www.zengrc.com/blog/ccpa-compliance-checklist/
    CCPA compliance is no easy task but never fear: Using this checklist and our CCPA audit guide can help smooth the way. The first step toward compliance...
  • https://www.zengrc.com/blog/what-is-risk-mitigation/
    Risk mitigation is the process a business undertakes to reduce its exposure to the various risks it might face. Obviously businesses face many risks, some…
  • https://www.zengrc.com/blog/what-is-third-party-risk-management/
    Third-party risk management (TPRM), also known as "vendor risk management," manages risks introduced to your business by your organization's vendors, suppliers…
  • https://www.zengrc.com/blog/why-you-should-assess-cyber-risk-according-to-industry/
    Any organization that uses information technology should conduct cybersecurity risk assessments. That said, every organization faces its own unique set of…
  • https://www.zengrc.com/blog/how-to-map-hipaa-to-iso-27001/
    The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law meant to protect sensitive electronic protected health information…
  • https://www.zengrc.com/blog/security-posture-definition-and-assessments/
    Cyber posture, also referred to as security posture, is your organization’s security status of all software, networks, services, and information.
  • https://www.zengrc.com/blog/steps-to-a-successful-iso-27001-risk-assessment-procedure/
    ISO 27001 is an internationally recognized standard to establish an information security management system (ISMS). Implementing ISO 27001 provides organizations…
  • https://www.zengrc.com/blog/cyber-risk-appetite-what-it-is-and-how-to-calculate-it/
    A business cannot reap any reward without taking risks. The question is how much risk your organization is willing to take. A company's risk appetite helps…
  • https://www.zengrc.com/blog/deciphering-iso-27001-standard/
    ISO 27001 compliance can be confusing. This article gives you a primer on what you need to know to jumpstart your compliance efforts.
  • https://www.zengrc.com/blog/employee-spotlight-riley-cordeiro-senior-business-development-representative/
    Business development representatives (BDRs) spearhead a company's sales process, acting as the first point of contact for customers. They bridge the gap…
  • https://www.zengrc.com/blog/what-is-operational-risk-management/
    Every business faces situations or fundamental changes in its condition that might pose varying levels of risk, ranging from minor inconveniences to a crisis…
  • https://www.zengrc.com/blog/whats-the-definition-of-sale-under-the-ccpa/
    The California Consumer Privacy Act (CCPA) is a privacy law that applies to businesses working in California; it requires them to provide certain basic…
  • https://www.zengrc.com/blog/what-is-compliance-risk-management/
    Compliance risk management is the process of identifying, assessing, and monitoring the risks to your enterprise's compliance with regulations and industry…
  • https://www.zengrc.com/blog/12-security-functions-that-your-business-should-automate/
    Every organization wants to protect itself from cybersecurity threats - but the plain truth is that every organization now faces so many threats, each one…
  • https://www.zengrc.com/blog/top-financial-risks-your-business-could-face/
    Financial risks - the chance that your costs, income, or investments might not go according to plan - can affect any company. You should be…
  • https://www.zengrc.com/blog/top-threat-modeling-methodologies/
    Find out how different threat modeling methods can help your business catalog potential threats and find solutions for threat mitigation. One crucial element…
  • https://www.zengrc.com/blog/by-the-numbers-the-evolution-of-the-cisos-role/
    Security executives such as CISOs have seen their roles evolve rapidly over the past few years as cybersecurity rises to the forefront of board and…
  • https://www.zengrc.com/blog/how-to-determine-your-risk-tolerance-level/
    All the risk management measures an organization might take to address cybersecurity threats depend on one critical question: What is the organization's risk…
  • https://www.zengrc.com/blog/5-steps-to-developing-a-corporate-compliance-program/
    Using automation can help make these five steps to developing a corporate compliance program more efficient allowing organizations to leverage compliance as a business asset.
  • https://www.zengrc.com/blog/understanding-the-fundamentals-of-information-security-management/
    Modern businesses now store vast troves of information, which means they must implement security controls and other protection measures to keep that information…
  • https://www.zengrc.com/blog/what-is-residual-risk-in-information-security/
    Cyber risks can be challenging to understand, especially for people who are not risk management professionals. This makes it harder for companies to take…
  • https://www.zengrc.com/blog/whats-the-system-description-of-a-soc-2-report/
    A SOC 2 system description is an important part of a SOC report. It outlines the boundaries of that report, and contains important details regarding…
  • https://www.zengrc.com/blog/soc-2-vs-soc-3-compliance-whats-the-difference/
    Safeguarding data is more vital than ever for corporate organizations. Responding to that desire for stronger cybersecurity, many technology vendors to those…
  • https://www.zengrc.com/blog/what-is-a-risk-assessment/
    A risk assessment is the process a company undertakes to catalog the potential threats to its business. In the same way a person might check…
  • https://www.zengrc.com/blog/which-nist-framework-is-best-for-your-organization/
    NIST is the abbreviated name of the National Institute of Standards and Technology. It's one of many federal agencies under the U.S. Department of Commerce,…
  • https://www.zengrc.com/blog/what-is-a-vendor-risk-assessment/
    A vendor risk assessment provides visibility into the risks your business faces when using third-party vendors' products or services. Risk assessments are…
  • https://www.zengrc.com/blog/how-to-interpret-new-white-house-software-supply-chain-security-guidance/
    In September, the United States Office of Management and Budget (OMB) issued a memorandum directing federal agencies to comply with the NIST guidance that…
  • https://www.zengrc.com/blog/reciprocity-introduces-new-leadership-to-accelerate-cyber-risk-strategy-and-market-adoption/
    Company Appoints Technology Veterans in Marketing, Sales and Product Management REDWOOD CITY, CA - November 29, 2022 - Reciprocity, a leader in information…
  • https://www.zengrc.com/blog/the-most-common-corporate-cybersecurity-risks/
    "Corporate cybersecurity" refers to the tactics and methods an organization uses to safeguard sensitive data, prevent unauthorized access to information…
  • https://www.zengrc.com/blog/how-can-rmis-support-risk-management/
    Many standards and regulations to protect information security require an organization to identify, assess, and control its risks. Using a Risk Management…
  • https://www.zengrc.com/blog/what-does-risk-management-involve/
    What does risk management do? Learn how it helps businesses assess threats, reduce costs, and make smarter, more strategic decisions.
  • https://www.zengrc.com/blog/how-you-can-seize-opportunity-in-2023/
    Surface Cyber Risk to Seize the "Opportunity of a Lifetime" Speaker(s): …
  • https://www.zengrc.com/blog/employee-spotlight-dan-kiehl-compliance-analyst/
    Reciprocity is committed to providing the industry's leading compliance and risk management solutions. So, it should come as no surprise that compliance and…
  • https://www.zengrc.com/blog/compliance-does-not-equal-security/
    Compliance is the typical starting point in protecting your organization. After all, it's a "must-do," and failure to comply can result in fines and other…
  • https://www.zengrc.com/blog/internal-controls-to-implement-for-data-privacy-discovery-and-classification/
    Thanks to the endless parade of data breaches that fill news headlines, discussions about data privacy have become commonplace in the corporate world. That's…
  • https://www.zengrc.com/blog/signs-you-may-be-vulnerable-to-supply-chain-attacks/
    One of the most notorious cybersecurity attacks to strike through the corporate supply chain happened in 2020. That's when criminals successfully installed…
  • https://www.zengrc.com/blog/consumer-data-privacy-future-readiness-developing-a-meaningful-growth-outlook/
    To get a sense of how consumers feel about the privacy of their personal data, a McKinsey survey from 2020 offers some telling insights: Recent…
  • https://www.zengrc.com/blog/most-common-types-of-cybersecurity-vulnerabilities/
    In 2021, Microsoft patched the Windows Print Spooler remote code execution vulnerability, a weakness in the Microsoft operating system that allowed attackers…
  • https://www.zengrc.com/blog/compliance-in-healthcare/
    Healthcare is one of the most highly regulated industries in the business world. Meeting those regulatory compliance obligations is challenging and complex…
  • https://www.zengrc.com/blog/make-sense-of-recent-nist-updates-for-the-healthcare-industry/
    A constant in the world of cybersecurity governance, risk and compliance management is the steady stream of new frameworks, regulations, laws and guidance that…
  • https://www.zengrc.com/blog/why-security-health-is-more-important-than-security-maturity/
    One of the things I love most about working in security is that things are constantly changing. Yup, you read that correctly. I love changes!…
  • https://www.zengrc.com/blog/get-ahead-of-threats-by-surfacing-unknown-risks/
    Many organizations believe that if they comply with cybersecurity and governance regulations, they are safe from attackers. Nothing could be further from the…
  • https://www.zengrc.com/blog/guidelines-you-should-consider-to-manage-and-secure-consumer-data/
    In 2017, Equifax, one of the largest credit bureaus in the United States, suffered a data breach that exposed the personally identifiable information (PII) of…
  • https://www.zengrc.com/blog/analyzing-cybercriminal-reconnaissance-to-improve-your-strategic-planning/
    "Reconnaissance" (recon) is a military term that refers to observing a target (usually in a clandestine way) and gathering information about it. The term and…
  • https://www.zengrc.com/blog/signs-your-organization-could-benefit-from-data-security-automation/
    Security automation is an efficient and cost-effective way to protect your data resources from malicious cyber threat actors. The right tools require no human…
  • https://www.zengrc.com/blog/how-to-automate-your-data-security-processes/
    Stolen data is a lucrative line of work for cyber criminals. The Dark Web Price Index, an annually published list of "products" for sale on…
  • https://www.zengrc.com/blog/how-compliance-can-strengthen-your-risk-posture/
    In the age of digital business, protecting your organization's digital assets from cyber threats and reducing your cyber risk exposure has never been more…
  • https://www.zengrc.com/blog/creating-a-successful-cybersecurity-risk-management-plan/
    Whatever industry you work in or however large your business is, one thing is true: every company with a desire to stay competitive and relevant…
  • https://www.zengrc.com/blog/what-are-the-three-types-of-iso-audits/
    The International Organization for Standardization (ISO) has established a framework for three distinct types of audits: first-party, second-party, and…
  • https://www.zengrc.com/blog/powerful-cybersecurity-lessons-from-the-movies/
    Fact vs. Fiction: Cinema-based Cyber Risk Training... Forty years ago, Tron's Kevin Flynn entered ENCOM's mainframe computer to prove his boss stole his…
  • https://www.zengrc.com/blog/a-guide-to-automating-risk-management/
    Automation is a critical component of risk management strategies, but businesses aren't using it enough. Here's how to change that. An Evolving…
  • https://www.zengrc.com/blog/employee-spotlight-lascelles-gonsalves-senior-account-executive/
    Sales play a critical role in the success of a business by bridging the gap between a customer's needs and the products or services the…
  • https://www.zengrc.com/blog/what-is-proactive-risk-management/
    Most organizations today function in a risk-prone environment. Those threats include operational, strategic, financial, cybersecurity, geopolitical, compliance…
  • https://www.zengrc.com/blog/costs-of-third-party-data-breach/
    Data breaches are cybersecurity events that can harm a company's reputation, finances, and compliance. Far too often these days, breaches are caused by a…
  • https://www.zengrc.com/blog/how-internal-cybersecurity-threats-affect-your-cyber-risk-plan/
    In 2016, an article in the Harvard Business Review called out organizations that focused on external cybersecurity threats while ignoring the dangers from…
  • https://www.zengrc.com/blog/what-is-a-vendor-risk-management-program/
    As your company grows, outsourcing specific tasks will likely become necessary. Whether procuring materials from outside manufacturers or contracting freelancer…
  • https://www.zengrc.com/blog/protecting-your-corporate-website-as-an-enterprise-risk-management-strategy/
    Protecting your corporate website as an enterprise risk management strategy helps you keep your data safe and protects your reputation.
  • https://www.zengrc.com/blog/why-buying-saas-grc-software-is-a-smart-investment/
    Cloud vs. on-premises GRC software: a CIO’s dilemma? Well, maybe, and maybe not. Here are some reasons why buying SaaS GRC software is a safe decision.
  • https://www.zengrc.com/blog/iso-27001-requirements-checklist-steps-and-tips-for-implementation/
    ISO 27001 enables organizations of any size to manage the security of assets such as employee information, financial information, intellectual property...
  • https://www.zengrc.com/blog/how-to-automate-vendor-risk-management/
    Every organization uses third-party vendors, and most organizations use lots of vendors - which brings lots of vendor risk in tow. At this point most…
  • https://www.zengrc.com/blog/cybersecurity-best-practices-for-companies/
    The modern threat landscape has evolved significantly in the past few years. Cybercriminals launch increasingly sophisticated attacks, which have only gotten…
  • https://www.zengrc.com/blog/tips-for-managing-third-party-risk-in-health-care/
    Third party vendors play a vital role in healthcare supply chains, but can also pose a significant risk to an organization's cybersecurity.
  • https://www.zengrc.com/blog/how-to-connect-risk-with-your-business-objectives-so-everyone-understands/
    Current Challenges in Risk Management: A recent study from EY Global found that 77% of companies across industries and geographic regions report an increase in…
  • https://www.zengrc.com/blog/best-practice-guide-using-automation-to-transform-risk-management/
    The past two years have seen many organizations' risk management programs playing catch-up. Companies accelerated their digital transformation to accommodate a…
  • https://www.zengrc.com/blog/modernizing-your-third-party-risk-management-program/
    Third-party risk management (TPRM) is a growing concern for organizations as their networks grow and cybersecurity threats increase. …
  • https://www.zengrc.com/blog/what-is-a-security-automation-platform/
    Enterprise cybersecurity has devolved into a war zone. Today's cyber adversaries are armed with cutting-edge tools to launch sophisticated and devastating…
  • https://www.zengrc.com/blog/what-is-third-party-risk-monitoring/
    Third-party risk monitoring is the continuous assessment of third-party vendors that have entered into a business relationship with your company, to understand…
  • https://www.zengrc.com/blog/california-consumer-privacy-act-vs-gdpr/
    While the CCPA may seem like the US version of GDPR, the two have some significant differences that businesses should understand.
  • https://www.zengrc.com/blog/what-to-include-in-your-compliance-automation-checklist/
    The burdens of compliance are heavy. How heavy, exactly? According to one 2020 study, compliance costs consume 40 percent of IT security budgets - but…
  • https://www.zengrc.com/blog/what-is-vendor-risk-management/
    Understanding the principles of vendor risk management can help you secure your data and lower the likelihood of a data breach.
  • https://www.zengrc.com/blog/what-the-secs-proposed-new-cyber-risk-reporting-rules-mean-for-you/
    Earlier this year, SEC Chair Gary Gensler proposed new rules about the handling and reporting of cyber risk and breaches. The proposal is trying to…
  • https://www.zengrc.com/blog/what-is-security-orchestration/
    Modern cybersecurity and security operations center teams must be constantly vigilant to detect threats, respond to security events, and mitigate risk. They…
  • https://www.zengrc.com/blog/the-importance-of-data-governance-in-the-insurance-industry/
    Data governance matters in every industry because it helps to establish data accuracy, reliability, integrity, and security - but it is especially important in…
  • https://www.zengrc.com/blog/the-benefits-of-security-automation/
    The world is embracing digital transformation, where software and automation mean less human support is necessary to perform repetitive tasks in a business…
  • https://www.zengrc.com/blog/what-are-the-benefits-of-integrated-risk-management/
    What Is Integrated Risk Management? Integrated risk management (IRM) is a more disciplined approach to risk management. It uses technology to identify threats…
  • https://www.zengrc.com/blog/why-third-party-risk-is-critical-to-every-business-2/
    Every organization, whether a startup or global enterprise, works with multiple vendors, using their software and relying on their systems - and yet, while…
  • https://www.zengrc.com/blog/reduce-risk-using-cyber-assurance-programs/
    5 Examples of How to Gain Better Insight into the Risks of Your Strategic Business Priorities: 77% of global companies report an increase in threats to…
  • https://www.zengrc.com/blog/5-essential-steps-toward-better-third-party-risk-management/
    I think it's fair to say that as your company grows, you will likely need to engage with outside parties to supplement or outsource elements…
  • https://www.zengrc.com/blog/how-to-automate-for-risk-and-compliance-management/
    You don't have to be an expert to know that risk management and corporate compliance are different things. Risk management refers to events that can…
  • https://www.zengrc.com/blog/reciprocity-announces-60m-growth-investment-from-francisco-partners/
    SAN FRANCISCO, Calif. - September 8, 2022 - Reciprocity (the "Company"), a leader in information security, risk, and compliance, today announced it has closed…
  • https://www.zengrc.com/blog/wisdom-from-a-compliance-dinosaur/
    This article first appeared on radicalcompliance.com August 16th, 2022 The other week I had coffee with a veteran compliance officer passing through town. This…
  • https://www.zengrc.com/blog/what-is-strategic-risk/
    Today's organizations operate in a highly risky business environment comprising many types of risks. One such risk is strategic risk. Strategic risk is the…
  • https://www.zengrc.com/blog/how-to-respond-to-tough-questions-from-leadership-teams-faster-and-better/
    Have you ever been asked difficult questions from your leadership teams that you couldn't answer? How do you intelligently and succinctly respond to the…
  • https://www.zengrc.com/blog/what-is-the-iso-27001-standard/
    ISO 27001, formally known as ISO/IEC 27001:2013, is a globally recognized standard for Information Security Management Systems (ISMS). Published by the…
  • https://www.zengrc.com/blog/does-iso-27001-require-penetration-testing/
    ISO 27001, published by the International Organization for Standardization (ISO), is a set of standards to govern cybersecurity and information security…
  • https://www.zengrc.com/blog/irm-erm-and-grc-is-there-a-difference/
    Risk management has become a veritable alphabet soup. The advent of the digital age is partly to blame. Virtually every organization is “going digital,” ...
  • https://www.zengrc.com/blog/kpis-for-evaluating-your-vendor-management-program/
    An effective vendor management program needs automation to help document and monitor third-party cybersecurity. By establishing KPIs, you can create a more robust program.
  • https://www.zengrc.com/blog/automation-of-risk-and-security-compliance-is-no-longer-a-choice/
    Risk, security and compliance executives have many choices and decisions on their respective plates, and whether or not to automate is not among them. I've…
  • https://www.zengrc.com/blog/what-is-cybersecurity-attestation/
    Hardly a week goes by without hearing about yet another data breach or cyberattack that harmed some company somewhere - which means, naturally, that organizatio…
  • https://www.zengrc.com/blog/what-is-digital-resilience/
    When the Covid-19 pandemic arrived in 2020, organizations all over the world were forced to adapt rapidly to the financial and operational crisis the pandemic…
  • https://www.zengrc.com/blog/close-the-back-door-5-ways-to-reduce-third-party-risk/
    Learn How to Optimize Your Third-Party Relationships: The connections and dependencies between organizations and their employees, partners, suppliers and…
  • https://www.zengrc.com/blog/key-steps-to-strategic-risk-management-assessments/
    Modern-day enterprise risk management (ERM) is a disciplined, organization-wide approach to identifying and addressing a wide range of enterprise risks, such…
  • https://www.zengrc.com/blog/what-is-cybersecurity-risk-analysis/
    A risk analysis is one step in the overall cybersecurity risk management and risk assessment process. The analysis entails examining each risk to the security…
  • https://www.zengrc.com/blog/5-steps-of-enterprise-risk-management/
    Enterprise Risk Management (ERM) programs require building a program around your organization's strengths, much as you would build a strong deck for a tabletop game.
  • https://www.zengrc.com/blog/protect-your-business-with-integrated-risk-management-solutions/
    Risk awareness, mitigation, and management are integral to solid cybersecurity and business performance in the modern business climate. Organizations need an…
  • https://www.zengrc.com/blog/what-is-automated-regulatory-intelligence/
    Modern organizations face an unprecedented pace of regulatory change, especially in the financial industry and in sectors such as healthcare, manufacturing…
  • https://www.zengrc.com/blog/supply-chain-visibility-what-is-it/
    See how supply chain visibility and cybersecurity go hand-in-hand to safeguard your network, vendors, and operations.
  • https://www.zengrc.com/blog/key-principles-of-operational-risk-management/
    Operational risk is any risk that arises from your company's business processes and could result in financial loss or disruption to your ability to serve…
  • https://www.zengrc.com/blog/what-does-a-compliance-management-system-look-like/
    For the modern financial institution, your compliance management system needs to incorporate cybersecurity monitoring to effectively limit compliance risk.
  • https://www.zengrc.com/blog/employee-spotlight-devin-harris-technical-product-manager/
    Every member of Reciprocity's Technical Product Management team is a GRC expert, lending their product knowledge to our customers while providing internal…
  • https://www.zengrc.com/blog/gather-your-team-and-conquer-dystopian-vendor-security-reviews/
    Let's talk about vendor security reviews. If you felt some form of unpleasant emotion just reading the phrase "vendor security review," I understand. You and…
  • https://www.zengrc.com/blog/strategic-planning-to-improve-your-data-security-fabric/
    Data is one of the most valuable assets for modern organizations. The right type and quality of data allows companies to resolve problems and improve…
  • https://www.zengrc.com/blog/using-business-analytics-for-risk-performance-management/
    Risk management is the process of identifying, evaluating, and controlling risks to an organization's operations and financial performance. These dangers can…
  • https://www.zengrc.com/blog/what-is-cyber-threat-intelligence/
    As the cybersecurity threat landscape evolves, attack vectors are becoming more sophisticated and widespread. Cybercriminals are also constantly improving…
  • https://www.zengrc.com/blog/what-is-a-cro-and-why-do-you-need-one/
    All organizations have a team of C-suite executives to set strategy and run the business. Typically that group looks quite similar from one organization to…
  • https://www.zengrc.com/blog/what-is-cyber-governance/
    Modern organizations operate in a challenging threat landscape. It's impossible to eliminate all the threats that might affect their systems, data, or people…
  • https://www.zengrc.com/blog/how-the-pandemic-has-affected-cyber-attacks-on-hospital-systems/
    Healthcare organizations such as hospitals and clinics are vulnerable to all manner of cyberattacks, particularly phishing and business email compromise (BEC)…
  • https://www.zengrc.com/blog/what-is-the-risk-management-process/
    Enterprise risk management (ERM) is the process of identifying, assessing, managing, and monitoring potential risks. Its overarching goal is to minimize the…
  • https://www.zengrc.com/blog/employee-spotlight-nick-brown-technical-product-manager/
    Technical product managers play a crucial role in an organization, helping with the development and marketing of a company's products while also serving as the…
  • https://www.zengrc.com/blog/combat-limited-resources-threats-with-automation/
    IN COLLABORATION WITH ELLIOTT DAVIS: EMERGING DEVELOPMENTS & HOT TOPICS, GRC In a 2021 survey of CIOs, respondents cited limited resources, new or changing…
  • https://www.zengrc.com/blog/keep-up-with-the-ever-evolving-cybersecurity-threat-landscape/
    It seems like the next flavor of cyberattack is always making the news, a constant reminder of how vigilant businesses need to be to try…
  • https://www.zengrc.com/blog/what-is-cyber-risk-modeling/
    In March 2022, Security Magazine published a list of cybersecurity predictions for the upcoming year. This list showed that criminals are constantly improving…
  • https://www.zengrc.com/blog/what-is-a-compliance-framework/
    Regulatory compliance is a substantial challenge for many organizations— but that doesn’t mean you can give compliance short shrift. On the contrary, mastering…
  • https://www.zengrc.com/blog/automating-grc-the-next-frontier-in-risk-management/
    Because of the dramatic acceleration of digital transformation, many organizations have accepted associated risk rather than taking the time to conduct full…
  • https://www.zengrc.com/blog/making-the-shift-from-vrm-to-tprm/
    There's an old expression that says the most dangerous statement a person can make is "we've always done it this way." I think we can…
  • https://www.zengrc.com/blog/is-gcc-high-fedramp-high/
    Microsoft provides numerous options for its public cloud offerings. Microsoft 365 Commercial, also known as MS 365 Commercial or Commercial Microsoft 365, is…
  • https://www.zengrc.com/blog/implementing-an-it-risk-management-framework/
    Enterprise risk management (ERM) is a disciplined, holistic way to identify, manage, and mitigate risk throughout your entire enterprise. IT risk management…
  • https://www.zengrc.com/blog/fedramp-system-security-plan-tips-for-writing-an-ssp/
    The Federal Risk and Authorization Management Program (FedRAMP) standardizes how U.S. federal government agencies apply the Federal Information Security…
  • https://www.zengrc.com/blog/fedramp-encryption-requirements-to-manage-risk/
    The Federal Risk and Authorization Management Program (FedRAMP) provides a risk-based approach to help U.S. government agencies adopt and use cloud-based…
  • https://www.zengrc.com/blog/conducting-a-fedramp-risk-assessment/
    The Federal Risk and Authorization Management Program (FedRAMP) provides U.S. federal agencies and their vendors with a standardized set of best practices to…
  • https://www.zengrc.com/blog/cyber-risk-management-the-right-approach-is-a-business-oriented-approach/
    This article first appeared in Cyber Defense eMagazine - July 2022 Edition. As rates of cyberattacks continue to increase - and organizations continue to…
  • https://www.zengrc.com/blog/simplifying-cybersecurity-insurance-with-unified-risk-management/
    In today's hyper-connected world, it is hard to imagine a business that doesn't rely in whole or in part on the usage of electronic communications…
  • https://www.zengrc.com/blog/using-cps-234-to-reduce-the-risk-to-your-financial-data/
    A recent blog I wrote on the latest security standard update from the Payment Card Industry—PCI DSS V4.0—talked about going beyond a singular framework as…
  • https://www.zengrc.com/blog/what-is-the-purpose-of-nist/
    What Is the Purpose of the NIST Cybersecurity Framework? Strong cybersecurity is paramount for organizations in every industry - and the best way to implement…
  • https://www.zengrc.com/blog/5-steps-to-reduce-the-web-of-uncertainty-in-third-party-risk-management/
    Businesses around the globe need to consider a systematic and digital-first approach to third-party risk management (TPRM) to catalog, classify and manage all…
  • https://www.zengrc.com/blog/get-a-head-start-on-your-pci-dss-v4-0-overhaul/
    "The big news with version 4 of the Data Security Standard is that this is a major release and some significant changes have occurred." - Mark…
  • https://www.zengrc.com/blog/reciprocity-continues-strong-company-momentum-in-h1-2022/
    SAN FRANCISCO, CA - June 28, 2022 - Reciprocity, a leader in information security risk and compliance, today announced its continued company momentum as…
  • https://www.zengrc.com/blog/security-threats-are-evolving-so-why-isnt-your-security-program/
    While the cybersecurity environment is becoming increasingly threatening and complex, security programs are finding it difficult to keep up. Even as budgets…
  • https://www.zengrc.com/blog/10-common-types-of-phishing-and-how-to-identify-them/
    Although scammers have been around for far longer than the internet, the advent of cyberspace has presented crafty criminals with a unique set of opportunities…
  • https://www.zengrc.com/blog/top-best-internal-controls-for-cyber-risk-mitigation/
    Risk has always been an inevitable part of doing business. How organizations identify, manage and mitigate those risks ultimately determine whether or not they…
  • https://www.zengrc.com/blog/deep-learning-can-be-used-for-malware-detection/
    Malware is a threat for businesses everywhere. Short for "malicious software," malware is any intrusive program that exploits system vulnerabilities to wreak…
  • https://www.zengrc.com/blog/insider-threats-7-real-life-examples/
    In today's digital age, organizations know the importance of preparing for cyber attacks and data breaches. Too many, however, focus only on outside cybersecuri…
  • https://www.zengrc.com/blog/prepare-for-pci-dss-v4-now-to-stay-ahead-of-bad-actors/
    EXPERT TIPS TO PREPARE FOR THE TRANSITION AND MAKE THE MOST OF NEWFOUND FLEXIBILITY AND CONTROL "The big news with version 4 of the…
  • https://www.zengrc.com/blog/cybersecurity-risks-in-supply-chain-management/
    As the world becomes more interconnected, organizations increasingly rely on extended supply chains to conduct business. For many, however, managing the supply…
  • https://www.zengrc.com/blog/what-is-operational-security-why-is-it-important/
    Protecting your organization against security incidents is easy enough in theory, but many businesses struggle to find the right approach when it comes to…
  • https://www.zengrc.com/blog/iso-27001-compliance-checklist/
    2021 saw at least 1,862 data breaches, 68 percent more than the number of breaches in 2020 and a new record that surpassed the previous…
  • https://www.zengrc.com/blog/infrastructure-lifecycle-management-best-practices/
    As your organization scales, inevitably, so too will its infrastructure needs. From physical spaces to personnel, devices to applications, physical security to…
  • https://www.zengrc.com/blog/operational-risk-management-more-than-just-cybersecurity/
    In an ideal world, every organization would operate at peak capacity, have perfectly efficient operations, and never experience system failures, cyberattacks…
  • https://www.zengrc.com/blog/reciprocity-wins-coveted-global-infosec-awards-during-rsa-conference-2022/
    Last year was a record year for cybersecurity attacks, with the number of encrypted threats spiking by 167% (10.4 million attacks), ransomware attacks rising…
  • https://www.zengrc.com/blog/five-best-practices-for-improved-risk-management/
    Over the past couple of years, many organizations have taken a "transform first, ask (security) questions later" approach in order to keep up with digital…
  • https://www.zengrc.com/blog/sure-fire-way-to-boost-board-confidence-communicate-risk-in-their-language/
    Looking back at the past few years, the COVID-19 pandemic has forced technology leaders to drastically rethink their approach to strategic planning. Projects…
  • https://www.zengrc.com/blog/reciprocity-to-present-at-rsa-conference-2022/
    SAN FRANCISCO, CA - May 31, 2022 - Reciprocity, a leader in information security risk and compliance, today announced it will deliver a presentation at…
  • https://www.zengrc.com/blog/third-party-risk-management-and-iso-requirements-for-2022/
    Third-party risk management (TPRM) has evolved from an annual checklist exercise to an essential daily practice in today’s highly interdependent business…
  • https://www.zengrc.com/blog/covid-19-compliance-considerations-for-remote-employees/
    If the COVID-19 pandemic caused your enterprise to make a sudden switch from an on-site business model to a diverse, dispersed network of ad-hoc home…
  • https://www.zengrc.com/blog/what-is-a-digital-supply-chain/
    In our increasingly digitized world, few business processes remain untouched by digital transformation. As disruptions to commerce become more common following…
  • https://www.zengrc.com/blog/targeted-attack-resilience/
    Cyber attacks come in many forms, and most are a source of enormous frustration and anger for corporate security and compliance teams. Few attacks, however,…
  • https://www.zengrc.com/blog/7-steps-security-executives-can-take-to-evolve-their-role/
    Security executives such as CISOs have seen their roles evolve rapidly over the past few years as cybersecurity rises to the forefront of board and…
  • https://www.zengrc.com/blog/how-to-use-cyber-assurance-programs-to-manage-risk-based-on-business-outcomes/
    If you've been following any of our recent webinars or in-person presentations, you've heard us talk a lot about shifting the mindset from a focus…
  • https://www.zengrc.com/blog/employee-spotlight-tanja-milicic-software-engineer/
    Software engineers are crucial to the success of SaaS companies like Reciprocity. So, we're very lucky when we can have a software engineer like Tanja…
  • https://www.zengrc.com/blog/reciprocity-offers-free-cyber-risk-assessment-with-new-community-edition-of-roar-platform/
    New Reciprocity Community Edition Enables Companies to Better Protect Themselves by Identifying, Understanding, and Acting on Risk within a Business Context -…
  • https://www.zengrc.com/blog/creating-a-vendor-risk-management-framework/
    Global third-party suppliers have become an essential resource for many companies, providing crucial strategic and competitive support. Outsourcing, however…
  • https://www.zengrc.com/blog/third-party-operational-risk-best-practices/
    Modern organizations face both operational risk and third-party risk. Operational risk refers to the risk of loss that can result from failed internal…
  • https://www.zengrc.com/blog/common-data-protection-challenges-how-to-overcome-them/
    Organizations face more challenges around data protection today than ever before. Hence it's critical to develop a data protection strategy that addresses…
  • https://www.zengrc.com/blog/digital-supply-chain-management/
    Digital transformation is redefining supply chains in almost every industry. These new-age supply chains are characterized by internet connectivity, digital…
  • https://www.zengrc.com/blog/should-you-develop-a-multi-cloud-strategy/
    As more and more businesses look for ways to take better advantage of the services offered by different cloud providers, many organizations are finding that…
  • https://www.zengrc.com/blog/how-to-overcome-barriers-affecting-risk-management/
    Amidst today's ever-changing threat landscape, business leaders are also facing an equally evolving and increasing range of uncertainty. Managing this…
  • https://www.zengrc.com/blog/developing-internal-controls-for-your-business/
    Explore best practices for building an internal control framework that improves oversight, enables corrective action, and supports operational efficiency.
  • https://www.zengrc.com/blog/what-is-third-party-cyber-risk-management/
    According to one 2021 report by the Ponemon Institute, 74 percent of organizations say they had experienced a cybersecurity breach in the previous 12 months…
  • https://www.zengrc.com/blog/what-is-a-vulnerability/
    A vulnerability is a weakness that can cause or contribute to a risk of being exploited by a threat; it is a gap in protection…
  • https://www.zengrc.com/blog/what-aws-services-are-fedramp-approved/
    Amazon Web Services (AWS) is a widely used cloud platform that allows organizations to leverage the many benefits of the cloud. They can choose from…
  • https://www.zengrc.com/blog/building-a-scalable-risk-management-program/
    In an increasingly interconnected world, anticipating and managing risk is more important — and more challenging — than ever before. Ultimately, you need a…
  • https://www.zengrc.com/blog/guide-to-comparing-risk-assessment-methodologies/
    Risk assessment is a critical component of enterprise risk management - perhaps even the most important component. If you assess your risks incorrectly, all…
  • https://www.zengrc.com/blog/the-changing-role-of-the-ciso-fireside-chat/
    FROM THE BACK OFFICE TO THE BOARDROOM: EXECUTIVES DISCUSS THE ROLE'S EVOLUTION Increasingly since the global pandemic struck in 2020, the world is being…
  • https://www.zengrc.com/blog/5-things-keeping-you-from-risk-management-utopia/
    There are a lot of buzzwords and hot topics in the cyber security industry, but there's one thing we GRC professionals cannot agree upon…
  • https://www.zengrc.com/blog/reciprocity-community-edition-best-practices-how-to-get-started-with-the-reciprocity-roar-platform/
    The Reciprocity® Community Edition is now available and is your chance to see the new Reciprocity ROAR Platform in action and it…is…totally…free! This is a…
  • https://www.zengrc.com/blog/5-essential-steps-for-third-party-risk-management-success/
    In a world full of security breaches and litigation, every organization needs a solid strategy to identify and reduce risks relating to the use of…
  • https://www.zengrc.com/blog/guide-to-defense-in-depth/
    Modern cybersecurity requires a multi-layered approach to detecting and repelling threats. Emerging cyber risks can adapt to your initial firewalls or…
  • https://www.zengrc.com/blog/how-to-achieve-network-infrastructure-modernization/
    Most businesses today want to deliver modern applications, products, and services to customers as efficiently as possible. This seemingly simple goal is far…
  • https://www.zengrc.com/blog/common-challenges-to-operational-risk-management/
    Operational risk is defined as the risk of a loss that results from inadequate or failed business processes, people and systems, or from external events. More…
  • https://www.zengrc.com/blog/industrial-internet-of-things-and-cybersecurity/
    Learn how the industrial internet of things (IIoT) is changing industries around the world, and what your business can do to make sure your IIoT…
  • https://www.zengrc.com/blog/does-your-cyber-threat-intelligence-team-know-these-key-things/
    The 2021 CrowdStrike Global Security Attitude Survey found that on average, organizations take 146 hours to discover a cybersecurity incursion, an alarming…
  • https://www.zengrc.com/blog/importance-of-hecvat/
    For organizations in higher education - from academic institutions to their third-party service providers - the Higher Education Community Vendor Assessment…
  • https://www.zengrc.com/blog/pos-security-what-is-it/
    POS security is the security for a point-of-sale (POS) payment system - that is, the system that businesses use to accept, process, and record payment…
  • https://www.zengrc.com/blog/qualities-of-effective-supplier-quality-management/
    When working with a supplier, you expect that the goods and services it delivers to you are of a certain quality. You also expect items…
  • https://www.zengrc.com/blog/rethink-your-third-party-risk-strategy-in-an-uncertain-world/
    DO YOU KNOW IF YOUR VENDORS ARE MEETING REQUIRED SECURITY AND PRIVACY OBLIGATIONS? As organizations begin to recover from the pandemic, third-party risk…
  • https://www.zengrc.com/blog/the-imperative-of-managing-cyber-risk-in-business-context/
    People have long used mission statements, declarations and manifestos to publicly convey the intentions, motives or views of their issuer. While the historical…
  • https://www.zengrc.com/blog/secs-push-for-better-cyber-governance/
    This article first appeared on radicalcompliance.com March 28th, 2022 Today I want to revisit the SEC's proposed new rules requiring public companies to…
  • https://www.zengrc.com/blog/what-is-compliance-in-cybersecurity/
    Definition of Compliance. Businesses are required to comply with all relevant government laws, rules, and regulations, including those rules and regulations…
  • https://www.zengrc.com/blog/best-practices-to-mitigate-vendor-risk-within-your-supply-chain/
    As an organization grows, it becomes increasingly difficult to handle all workloads internally. Suppliers, service providers, and other third-party vendors are…
  • https://www.zengrc.com/blog/internal-controls-best-practices/
    Learn to develop strong internal controls to safeguard against security threats. Internal controls protect your business from many operational, financial and…
  • https://www.zengrc.com/blog/best-practices-in-cyber-supply-chain-risk-management/
    Management of cybersecurity threats in your supply chain should be embedded into every part of your business. Every high-risk vendor relationship or third-party…
  • https://www.zengrc.com/blog/what-is-a-third-party-risk-assessment/
    A third-party risk assessment is an analysis of the risks introduced to your organization via third-party relationships along the supply chain. Those third…
  • https://www.zengrc.com/blog/information-security-vs-cybersecurity-main-differences/
    Learn more about the differences between information security and cybersecurity and how they work within your business practice.
  • https://www.zengrc.com/blog/strategies-for-digital-risk-protection/
    Digital Risk Protection, or DRP, is the cyber equivalent of locking our doors, as well as installing security cameras, hiring a guard, installing a safe…
  • https://www.zengrc.com/blog/risk-assessment-vs-risk-analysis-whats-the-difference/
    Understanding the difference between risk assessment and risk analysis can help you prioritize your risk mitigation strategies to maintain a security-first approach to information security.
  • https://www.zengrc.com/blog/reciprocity-announces-new-ceo-in-support-of-accelerating-growth/
    Michael Maggio Named CEO, Brings Diverse Experience and Skills to Transform IT Risk Management SAN FRANCISCO, CA - March 31, 2022 - Reciprocity, a leader in…
  • https://www.zengrc.com/blog/driving-business-results-with-a-strategic-approach-to-risk-and-with-zenrisk/
    Every business activity involves risk, so simply viewing and measuring risk at a high level isn't enough. InfoSec teams also need to identify and categorize…
  • https://www.zengrc.com/blog/operationalize-risk-and-compliance-with-the-reciprocity-roar-platform/
    The team at Reciprocity recently conducted a live poll and asked our audience, "Are you currently using your compliance program to guide your risk management…
  • https://www.zengrc.com/blog/cyber-hygiene-how-to-implement-best-practices-for-your-business/
    Cyber hygiene is the cybersecurity equivalent to the idea of personal hygiene. Applying good cyber hygiene practices, every day, is the only way to assure…
  • https://www.zengrc.com/blog/how-to-renew-your-iso-27001-certification/
    Since 1947, the International Organization for Standardization (ISO) has developed thousands of international standards geared toward quality assurance across…
  • https://www.zengrc.com/blog/how-to-integrate-esg-risks-into-your-enterprise-risk-management-framework/
    Many companies are coming to realize that an effective environmental, social, and governance (ESG) strategy supports better financial performance and long-term…
  • https://www.zengrc.com/blog/do-fedramp-and-cmmc-have-reciprocity/
    Government cybersecurity standards such as FedRAMP and CMMC can be challenging to comprehend. There are a host of details to decipher for each one, let…
  • https://www.zengrc.com/blog/what-is-internal-control-in-auditing/
    A system of internal controls is a set of policies and procedures that an organization can use to provide reasonable assurance that the organization achieves…
  • https://www.zengrc.com/blog/reciprocity-recognized-as-leader-in-g2-spring-2022-grid-report-for-grc-platforms/
    SAN FRANCISCO, CA - March 24, 2022 - Reciprocity, a leader in information security risk and compliance, today announced its ZenGRC® platform was recognized as…
  • https://www.zengrc.com/blog/why-is-cybersecurity-important/
    Phishing schemes, ransomware attacks, privacy breaches, and other cyber threats all aim to pilfer the sensitive data stored on your IT systems. These nightmares…
  • https://www.zengrc.com/blog/what-is-inherent-risk/
    All organizations in all industries face a certain amount of inherent risk. Inherent risk is the amount of risk that exists when some threat goes…
  • https://www.zengrc.com/blog/internal-controls-fraud-prevention/
    Help protect your organization from the various types of occupational fraud by incorporating a strong internal control system.
  • https://www.zengrc.com/blog/building-a-risk-management-program-start-with-compliance-and-reciprocity-zencomply/
    Businesses are constantly adapting to changing circumstances. Yet, many are strapped for resources and view compliance as nothing more than a checklist of…
  • https://www.zengrc.com/blog/how-to-prioritize-cyber-risk-for-your-organization/
    Businesses around the world depend on technology to operate and grow. Along with that growth, however, the risk of cyber attack expands. To avoid the…
  • https://www.zengrc.com/blog/effective-infosec-begins-with-reciprocity-between-compliance-risk/
    GET A PEEK AT GROUNDBREAKING PRODUCT INNOVATIONS DELIVERING A NEW PATH TO ACTIONABLE RISK INSIGHT Pressure is increasing on security and risk management…
  • https://www.zengrc.com/blog/what-are-the-limitations-of-internal-control/
    Understanding the limitations of internal control can help your business or organization better prevent gaps in its information systems. Learn how with this…
  • https://www.zengrc.com/blog/breaking-down-the-silos-between-compliance-and-risk-with-the-reciprocity-roar-platform/
    Compliance and risk often are thought of as separate, distinct functions. However, upon deeper examination, you'll see that compliance affects risk, and risk…
  • https://www.zengrc.com/blog/key-concerns-for-financial-cybersecurity-risk-management/
    Over the last several years, the banking and financial services sectors have seen a huge increase in ransomware attacks and other cyber threats worldwide. This…
  • https://www.zengrc.com/blog/apply-cybersecurity-measures-to-reduce-risk/
    Hackers and cybercriminals constantly seek to circumvent your security systems and gain access to the sensitive data of your customers and staff. Hence the…
  • https://www.zengrc.com/blog/relationship-between-risk-appetite-and-compliance/
    ISO Guide 73:2009 establishes a set of definitions for risk management in organizations. It defines risk appetite as "the amount and type of risk that…
  • https://www.zengrc.com/blog/how-to-integrate-cybersecurity-into-business-continuity-planning/
    Business continuity means keeping your business operations up and running despite disruptions: natural disasters, pandemics, cyber attacks, other technical…
  • https://www.zengrc.com/blog/introducing-the-new-reciprocity-community/
    By Leigh Ann Whitmarsh, Director of Customer Experience, Reciprocity. We are excited to introduce our new Reciprocity Community in support of the launch of…
  • https://www.zengrc.com/blog/what-is-data-spillage-and-how-to-address-it/
    The National Institute of Standards and Technology (NIST) defines data spillage as a security incident that results in "the transfer of classified information…
  • https://www.zengrc.com/blog/importance-of-domain-hijacking/
    Domain hijacking is a form of cybersquatting premised on changing a domain name system (DNS) registration without its original domain registrant's authorization…
  • https://www.zengrc.com/blog/it-risk-management-a-primer-on-policy-examples-best-practices/
    Enterprise risk management (ERM) should be a core component of every company's overall business strategy. To maintain operations, you need to be prepared for…
  • https://www.zengrc.com/blog/reciprocity-introduces-industrys-first-ai-powered-integrated-cyber-risk-platform/
    Reciprocity's Pioneering New Approach to Risk Management Enables Companies to Avoid, Control, and Mitigate Risk in Business Processes While Providing Clear…
  • https://www.zengrc.com/blog/from-the-back-office-to-the-boardroom-the-changing-role-of-the-security-executive/
    By Rob Ellis, SVP of Product Strategy. CISOs and other security executives have long been perceived as the "no" people of the organizatio…
  • https://www.zengrc.com/blog/use-compliance-as-a-foundation-for-risk-management/
    In the spring of 2020, organizations around the globe suddenly had a new reality: Stay-at-home orders meant that they had to shift their operating models…
  • https://www.zengrc.com/blog/introducing-the-reciprocity-product-suite/
    Security and risk management (SRM) leaders are under increasing pressure to both reduce risk and demonstrate and communicate the value, effectiveness, and…
  • https://www.zengrc.com/blog/managing-third-party-risk/
    Learn how to establish an effective Third Party Risk Management program for your organization with these process-focused strategies.
  • https://www.zengrc.com/blog/effective-infosec-begins-with-compliance-risk/
    By Michael Maggio, Chief Product Officer. As organizations increasingly shift to digital business models and expand their remote workforces, they're being…
  • https://www.zengrc.com/blog/internal-audit-control-testing/
    Internal controls are designed to protect an organization from fraud, loss of assets, compliance failures, and other obstacles to overall business objectives…
  • https://www.zengrc.com/blog/compliance-vs-risk-similarities-key-differences/
    Regulation of corporate activity is increasing around the world, forcing boards of directors and senior management to take an active role in all matters of…
  • https://www.zengrc.com/blog/benefits-of-supplier-tiering/
    Supplier tiering is the process of organizing suppliers into tiers based on their importance to your supply chain. Categorizing suppliers into tiers helps to…
  • https://www.zengrc.com/blog/what-is-operational-resilience/
    Operational resilience is your business's ability to withstand a sudden disruption or shock to business operations. More specifically, it is the set of…
  • https://www.zengrc.com/blog/what-is-cloud-security/
    Cloud security can mean different things to different organizations. At the highest level, cloud security is how an organization applies cybersecurity to the…
  • https://www.zengrc.com/blog/what-is-it-vendor-risk-management/
    Most companies rely on numerous cloud-based technology providers to manage their day-to-day business operations. These services can help you streamline and…
  • https://www.zengrc.com/blog/what-are-gdpr-fines-and-penalties/
    Organizations that fail to comply with the European Union's General Data Protection Regulation (GDPR) standards for data protection, data security, and data…
  • https://www.zengrc.com/blog/tips-for-managing-reputational-risk/
    Reputational risk is both an old and new phenomenon. If you ask senior executives whether they worry about their business's reputation, they always say yes;…
  • https://www.zengrc.com/blog/what-is-risk-avoidance/
    In the modern business environment, managing risk is an organization's top priority. Typically the risk management process includes a number of steps that…
  • https://www.zengrc.com/blog/experts-guide-to-grc-tools/
    YOUR COMPREHENSIVE GRC TOOL EVALUATION GUIDE If you've ever invested in a GRC tool that proved too costly or challenging to implement, then you know how…
  • https://www.zengrc.com/blog/how-to-calculate-risk-appetite-and-risk-tolerance/
    USING RISK METRICS TO SET THE FOUNDATION OF YOUR ERM STRATEGY Companies in every industry face risk on a daily basis. However, when a company reaches…
  • https://www.zengrc.com/blog/employee-spotlight-kerwyn-velasco-product-line-manager-compliance/
    As a Product Line Manager for Reciprocity, Kerwyn Velasco is responsible for driving the strategy and execution of the next generation of our ZenGRC platform…
  • https://www.zengrc.com/blog/what-to-do-when-experiencing-a-third-party-vendor-breach/
    In today's interconnected business landscape, companies of all sizes outsource many of their operations to third-party vendors. This also means giving those…
  • https://www.zengrc.com/blog/what-are-the-benefits-of-supply-chain-risk-management/
    A company's supply chain encompasses the entire process of acquiring raw materials, making products, and selling goods across every stage of your product…
  • https://www.zengrc.com/blog/what-is-integrated-risk-management/
    Integrated risk management (IRM) is an approach to managing information technology (IT) and operational risks that encompasses the entire organization and its…
  • https://www.zengrc.com/blog/determining-risk-register-based-on-industry/
    The world is a risky place. Some of those risks are beyond a company's control, while others are very much within your control - but…
  • https://www.zengrc.com/blog/what-is-the-data-protection-family-tree/
    Data protection is the set of processes and strategies that assure the privacy, availability, and integrity of your corporate data, including the personal data…
  • https://www.zengrc.com/blog/what-is-a-whaling-attack-how-to-avoid-one/
    Everything there is to know about whaling attacks, including what they are and how your organization can protect itself against one. Threat actors today will…
  • https://www.zengrc.com/blog/attack-surface-management-strategies-to-keep-your-business-safe/
    Attack surface is an important concept in cybersecurity. The larger an organization's attack surface is, the greater its cybersecurity risks - and therefore…
  • https://www.zengrc.com/blog/what-is-hitrust-compliance/
    It is a constant challenge for the healthcare industry to comply with the Health Insurance Accessibility and Portability Act (HIPAA). HIPAA requires healthcare…
  • https://www.zengrc.com/blog/risk-assessment-methodology-you-should-know/
    Risk assessments are essential to a risk management program. Risk assessments identify existing and emerging threats (either internal or external) to a…
  • https://www.zengrc.com/blog/brute-force-attack-definition-and-examples/
    Brute force attacks are nothing new in cybersecurity. As far back as 2015 (eons ago, in technology terms) the global coffee chain Dunkin' Donuts suffered…
  • https://www.zengrc.com/blog/what-is-defense-in-depth/
    "Defense in depth" (DiD) is a cybersecurity strategy inspired by military strategy, providing multiple layers of security controls to protect enterprise IT…
  • https://www.zengrc.com/blog/what-is-reputational-risk/
    A company's reputation is a delicate thing. With an unfortunate sequence of mistakes or misconduct, years of customer loyalty and public goodwill can evaporate…
  • https://www.zengrc.com/blog/why-is-corporate-cybersecurity-important/
    Costs associated with cyberattacks are growing rapidly, particularly for businesses. That's not likely to change any time soon. In its 2020 Year End Data…
  • https://www.zengrc.com/blog/controls-and-risk-two-sides-of-the-same-coin/
    They've attacked hundreds of companies and government agencies leveraging just one software update vulnerability. They've triggered nationwide gas shortages…
  • https://www.zengrc.com/blog/cybersecurity-questions-you-should-ask-vendors/
    Given the sharp rise of ransomware in recent years, and how cybercriminals have evolved in the tactics they use to launch cyberattacks, organizations must be…
  • https://www.zengrc.com/blog/what-is-downstream-liability/
    Recent cyberattacks on Colonial Pipeline, NEW Cooperative, Oldsmar, and other critical infrastructure companies have highlighted the harm of downstream…
  • https://www.zengrc.com/blog/benefits-of-a-digital-supply-chain/
    A supply chain is a broad ecosystem of activities, business processes, people, resources, and information that lead to the completion of a company's product or…
  • https://www.zengrc.com/blog/what-is-open-source-intelligence/
    Open-source intelligence (OSINT) is any information that can be accessed by the public. This accessibility is defined as anything that doesn't require hacking…
  • https://www.zengrc.com/blog/cyber-hygiene-what-is-it-and-how-to-implement-it-for-your-business/
    Since the dawn of COVID, we have become more conscious of washing our hands and other personal hygiene practices. What about cyber hygiene? What is…
  • https://www.zengrc.com/blog/using-compliance-as-a-catalyst-for-reducing-risk/
    LEARN HOW TO USE YOUR COMPLIANCE PROGRAM AS A JUMPING OFF POINT FOR RISK MANAGEMENT Through regulations and countless best practices, industry has been…
  • https://www.zengrc.com/blog/how-reciprocity-onboarding-services-deliver-lightning-fast-time-to-value/
    When your organization makes a substantial investment in new technology, the last thing you want is for it to go underused. Digital transformation is intended…
  • https://www.zengrc.com/blog/beyond-compliance-risk-maturity-model/
    THE BUSINESS CASE FOR MATURE RISK MANAGEMENT Does your organization lack the right tools and processes to identify, assess, and mitigate or eliminate…
  • https://www.zengrc.com/blog/your-4-step-guide-to-setting-up-a-risk-committee/
    BECAUSE CHANGING RISK ENVIRONMENTS REQUIRE OBJECTIVITY If your Board of Directors is solely responsible for monitoring and mitigating risk, then your…
  • https://www.zengrc.com/blog/best-practices-for-data-loss-prevention/
    Organizations move their operations to digital ecosystems all the time — and then promptly encounter various vulnerabilities that risk your data being…
  • https://www.zengrc.com/blog/cybersecurity-and-natural-disasters/
    It's not easy to prepare for the natural disasters that might happen and devastate your business. Still, just as civil defense teams prepare for hurricanes,…
  • https://www.zengrc.com/blog/what-are-gaap-internal-controls/
    U.S. Generally Accepted Accounting principles (GAAP) are the set of financial reporting standards that businesses in the United States are expected to follow…
  • https://www.zengrc.com/blog/unified-compliance-framework-vs-secure-controls-framework/
    By Dave Schmoeller When it comes to reducing risk, the key lies in making it simple to manage compliance. In doing so, you can…
  • https://www.zengrc.com/blog/risk-intellect-bridging-the-gap-between-compliance-and-risk/
    By Rob Ellis, SVP of Product Strategy at Reciprocity There's a refrain I hear more and more often when I talk to compliance people…
  • https://www.zengrc.com/blog/what-is-a-cybersecurity-audit/
    2021 brought relentless news of new cybersecurity threats somewhere in the world. The Colonial Pipeline attack by Russian hacker group, DarkSide, disrupted…
  • https://www.zengrc.com/blog/how-to-approach-inherent-and-residual-risk/
    A GUIDE TO UNDERSTANDING THE VARIOUS RISKS FACING YOUR ORGANIZATION Organizations face risks related to their operations every day, whether it be from cloud…
  • https://www.zengrc.com/blog/what-are-blackmatter-ransomware-attacks/
    Following the 2021 cyberattack on Colonial Pipeline that caused a nationwide supply-chain disruption, numerous cybersecurity companies and federal agencies…
  • https://www.zengrc.com/blog/key-elements-of-a-strong-risk-culture/
    Risk culture is the set of shared beliefs, attitudes, and understanding among a group, usually in a corporate environment, about risk and risk management…
  • https://www.zengrc.com/blog/enterprise-risk-management-for-cloud-computing/
    Businesses have always had to manage risk - everything from operational, financial, or strategic risks; to other risks that are reputational, regulatory, or…
  • https://www.zengrc.com/blog/what-is-dns-spoofing/
    A DNS spoofing attack is a common tactic for man-in-the-middle (MITM) attacks. Hackers use DNS spoofing to intercept communication between two targets. The…
  • https://www.zengrc.com/blog/assess-your-enterprise-risk-management-maturity-in-6-simple-steps/
    BEFORE AD-HOC RISK MANAGEMENT THREATENS YOUR BUSINESS GROWTH Is your organization losing contracts because you're not compliant with relevant regulations? Are…
  • https://www.zengrc.com/blog/dont-let-supply-chain-attacks-get-the-best-of-you/
    The past two years have brought about significant disruptions to global supply chains. Recent headlines have focused on labor shortages and their impact on…
  • https://www.zengrc.com/blog/what-you-should-know-about-the-rise-in-aws-s3-security-data-breaches/
    Amazon Web Services (AWS) is a cloud platform designed to meet the growing demand for cloud computing worldwide. AWS provides a set of cloud services…
  • https://www.zengrc.com/blog/fourth-party-risk-management-explained/
    Most organizations use at least some (and perhaps many) external vendors in their daily operations, sometimes even to provide mission-critical services or…
  • https://www.zengrc.com/blog/digital-banking-challenges-opportunities/
    Digital banking has grown more and more over the years, and the COVID-19 pandemic only underlined the need for convenient, contact-free financial institutions…
  • https://www.zengrc.com/blog/5-tips-to-preventing-data-leakage-in-2022/
    In today's world, where customers and app users are increasingly aware of the personal information they provide to companies and seek to limit the amount…
  • https://www.zengrc.com/blog/what-is-risk-heat-map-for-risk-management/
    A robust, cohesive risk management strategy is critical to the success of any cybersecurity plan. The enterprise risk management (ERM) framework created by the…
  • https://www.zengrc.com/blog/cybersecurity-risk-a-top-issue-in-the-boardroom/
    FINDINGS FROM A CYBERRISK ALLIANCE (CRA) RESEARCH STUDY Risk management has risen significantly on the board of directors' radar from a compliance requirement…
  • https://www.zengrc.com/blog/protecting-data-at-rest-vs-data-in-motion/
    Data theft can devastate any company, resulting in lost profits, regulatory enforcement, litigation, and reputational damage that can be difficult to overcome…
  • https://www.zengrc.com/blog/how-to-implement-third-party-risk-management-policies/
    Third-party risk management needs a new approach because (let's be honest here) the current approach doesn't work. According to Gartner, 83 percent of legal…
  • https://www.zengrc.com/blog/top-security-risks-of-cloud-computing-how-to-avoid-them/
    The need for versatile and affordable solutions for storing and processing data in enterprises makes cloud computing an increasingly attractive IT strategy. Cl…
  • https://www.zengrc.com/blog/compromised-credentials-could-put-your-business-at-risk/
    Lost or stolen user access credentials are a chronic, widespread cause of cybersecurity breaches. By mid-2020, 80 percent of hacking-related breaches and 77…
  • https://www.zengrc.com/blog/notes-on-cybersecurity-and-operational-risk/
    This article first appeared on radicalcompliance.com December 12th, 2021 Last week one of the country's top banking regulators published its semi-annual report…
  • https://www.zengrc.com/blog/how-to-build-a-risk-management-plan/
    7 STEPS TO AGILE RISK MANAGEMENT IN THE AGE OF DISRUPTION The face of risk has never been more amorphous and elusive. Because the same technologies…
  • https://www.zengrc.com/blog/reciprocity-listed-on-2021-deloitte-technology-fast-500-the-fastest-growing-companies-in-north-america/
    Reciprocity is honored to be named to the 2021 Deloitte Technology Fast 500™ list of the 500 fastest-growing technology, media, telecommunications, life…
  • https://www.zengrc.com/blog/what-is-threat-intelligence-monitoring/
    Broadly speaking, threat intelligence monitoring is an organization's ability to observe and understand various threats to its IT operations and confidential…
  • https://www.zengrc.com/blog/best-practices-of-cybersecurity-risk-management/
    Cyber threats are everywhere, regardless of your organization's size or industry. Businesses today must adopt a systematic, disciplined cybersecurity plan to…
  • https://www.zengrc.com/blog/key-components-of-operational-resilience/
    Cybersecurity attacks, weather disasters, supply chain disruptions, and the global pandemic show us that threats to routine business operations are ever…
  • https://www.zengrc.com/blog/the-importance-of-information-technology-general-controls/
    Many businesses have relied on technology to run mission-critical business processes for years, and the pandemic only accelerated that digital evolution. And…
  • https://www.zengrc.com/blog/what-is-remediation-in-cyber-security/
    Learn about what cybersecurity remediation is, why it's important, and how you can use it to protect your business from cyberattacks. Threats to an organizati…
  • https://www.zengrc.com/blog/what-you-should-know-about-rdp-security-vulnerabilities/
    Everything you need to know about Remote Desktop Protocol (RDP) security vulnerabilities including how your business can stay secure while using them. The…
  • https://www.zengrc.com/blog/3-challenges-healthcare-compliance-teams-are-set-to-overcome-with-reciprocity-zengrc-in-2022/
    Surging ransomware attacks, rising vendor risk and increasingly complex regulatory demands - such are the hurdles healthcare compliance teams face after two…
  • https://www.zengrc.com/blog/why-is-data-security-important/
    If you want one example of why data security is important, consider this: According to Statista, 79 zettabytes (a trillion gigabytes) of data will be…
  • https://www.zengrc.com/blog/top-emerging-risks-in-higher-education/
    In 2017 hackers launched a phishing campaign against Canada's MacEwan University and defrauded MacEwan out of nearly $11.8 million. Although more than 90…
  • https://www.zengrc.com/blog/common-types-of-security-vulnerabilities-in-e-commerce/
    E-commerce websites experienced unprecedented growth during the COVID-19 pandemic, and that shows no signs of slowing down. That growth, however, also comes…
  • https://www.zengrc.com/blog/top-cyber-risk-trends-where-to-focus-your-efforts-in-2022/
    AN INSIDE GRC PANEL DISCUSSION In 2021 the term "new normal" showed why it was ever uttered in the first place. Although many aspects of life…
  • https://www.zengrc.com/blog/reciprocity-continues-to-lead-g2-winter-2022-grid-report-for-grc-platforms/
    SAN FRANCISCO, California - December 15, 2021 - Reciprocity, a leader in information security risk and compliance, today announced its ZenGRC® platform was…
  • https://www.zengrc.com/blog/what-is-pan-data/
    If your business accepts credit card payments, you have probably heard of the Payment Card Industry Data Security Standard (PCI DSS) and the term “PAN…
  • https://www.zengrc.com/blog/risk-assessment-methodologies/
    Risk is inescapable. However careful your company might be, it cannot experience growth without accepting a certain amount of risk. The key to a successful…
  • https://www.zengrc.com/blog/emerging-risk-management-trends-you-need-to-know/
    With every passing day, businesses become more entwined in an ecosystem of partners, vendors, and suppliers in global markets. A local natural disaster, for…
  • https://www.zengrc.com/blog/the-risks-associated-with-shadow-it/
    Shadow IT refers to the set of technology (IT) apps, tools, devices, and services used within a company without the approval of the IT department.…
  • https://www.zengrc.com/blog/soc-for-cybersecurity-vs-soc-2/
    2021 has been a challenging year for cybersecurity. The shift to remote work models, and to digital tools that automate and streamline processes, brought a…
  • https://www.zengrc.com/blog/how-strong-are-your-business-internal-controls/
    Internal controls are essential for the proper operation of any corporate organization. By implementing effective internal controls, you can boost operational…
  • https://www.zengrc.com/blog/what-is-a-project-management-risk-owner-their-responsibilities/
    Even the most carefully planned projects still entail a certain amount of risk. Since project risk is inevitable, a project manager must do everything he…
  • https://www.zengrc.com/blog/why-key-risk-indicators-are-important-for-risk-management/
    Key risk indicators are important for every business. And while "KRIs" vary from one industry to the next — for example, what’s important for agribusiness…
  • https://www.zengrc.com/blog/reactive-vs-proactive-cyber-security-measures/
    With the sharp increase in remote working worldwide, companies have endured a proliferation of cybersecurity risks — and, consequently, increased their…
  • https://www.zengrc.com/blog/most-common-types-of-network-security-attacks/
    The modern enterprise network is a complex, highly connected ecosystem of hardware, software, services, communication protocols, virtual resources, and people;…
  • https://www.zengrc.com/blog/more-sec-talk-on-cyber-internal-control/
    This article first appeared on radicalcompliance.com November 19th, 2021 Before this particular bit of news sails downstream, internal control professionals…
  • https://www.zengrc.com/blog/what-is-risk-management-in-hospitality/
    The hospitality industry has been hit hard with challenges during the COVID pandemic. For a sector that prides itself on customer service and adapting to…
  • https://www.zengrc.com/blog/why-is-pci-compliance-important-to-an-organization/
    Payment Card Industry (PCI) Data Security Standard (DSS) compliance is important to organizations that want to accept, transmit, process, or store payment card…
  • https://www.zengrc.com/blog/governance-risk-and-compliance/
    The phrase "governance, risk, and compliance" (GRC) was first introduced in the early 2000s by the Open Compliance and Ethics Group (OCEG). Since then, the…
  • https://www.zengrc.com/blog/top-ways-to-control-business-risk/
    Businesses and other organizations are exposed to all types of risk. Anything threatening a company's ability to achieve its financial, operational, or…
  • https://www.zengrc.com/blog/risk-management-and-budget-planning/
    Every company needs to undertake a certain amount of planning if it wants to grow. This includes not only strategic planning to expand operations and…
  • https://www.zengrc.com/blog/what-are-hipaa-storage-requirements/
    If your company is at all related to the medical field, it’s subject to HIPAA compliance requirements. The protected health information (PHI) defined by HIPAA…
  • https://www.zengrc.com/blog/how-you-should-rank-cybersecurity-vulnerabilities/
    Discover the best practices for ranking cybersecurity vulnerabilities so that you can eliminate them. If there’s one thing you can expect from cybercriminals…
  • https://www.zengrc.com/blog/steps-to-creating-a-cybersecurity-disaster-recovery-plan/
    Create a successful cybersecurity disaster recovery plan using these steps from the team at Reciprocity. When disaster strikes, your organization needs to be…
  • https://www.zengrc.com/blog/3-questions-with-michael-maggio-on-risk-intellect/
    Meet Risk Intellect Reciprocity® Risk Intellect is a new risk-analysis tool that, when used with the Reciprocity ZenGRC® platform, provides insight on the…
  • https://www.zengrc.com/blog/building-cyber-resilience-into-your-management-plan/
    Build cyber resilience into your risk management plan with help from the team at Reciprocity. As the threats to information security continue to evolve, more…
  • https://www.zengrc.com/blog/how-to-reduce-your-cyber-exposure/
    2020 was a landmark year for cybersecurity events and data breaches. In the first few months following the COVID-19 pandemic, malicious emails shot up by 600…
  • https://www.zengrc.com/blog/the-importance-of-information-security/
    The first nine months of 2020 saw 2,953 publicly reported breaches — 51 percent more than the same period in 2019; by the end…
  • https://www.zengrc.com/blog/communicate-risks-to-stakeholders/
    Support project success by communicating types of risks and their business relevance to both internal teams and external stakeholders.
  • https://www.zengrc.com/blog/gdpr-how-does-it-affect-social-media/
    The European Union’s General Data Protection Regulation (GDPR) is often hailed as a “gold standard” regulation to protect consumer information and data privacy…
  • https://www.zengrc.com/blog/improve-efficiencies-with-vendor-tiering/
    As your company grows you’ll increasingly find it necessary to work with outside partners to meet business objectives. Taking on new vendors and contractors…
  • https://www.zengrc.com/blog/the-kindness-challenge-3-words-we-lived-by-in-november/
    Gratitude. Kindness. Reciprocity. Three great words (especially that last one — though we admit we’re a bit biased!). But how often do you put them…
  • https://www.zengrc.com/blog/cloud-security-compliance-11-steps-stairway-cloud-services-heaven/
    Organizations are increasingly turning to cloud-based IT solutions, which makes cloud security compliance standards more important than ever before. The steps…
  • https://www.zengrc.com/blog/internal-vs-external-vulnerability-scan-what-are-the-differences/
    Cyberattackers and hackers try to exploit security vulnerabilities to gain unauthorized access to enterprise networks. Their intentions typically include…
  • https://www.zengrc.com/blog/4-most-common-causes-of-data-leaks-in-2021/
    2020 was a landmark year for data breaches. This year will likely be no different. More than 8 billion records were exposed in just the first…
  • https://www.zengrc.com/blog/privacy-impact-assessment/
    The International Association of Privacy Professionals (IAPP) defines privacy as “the right to be let alone, or freedom from interference or intrusion.” Many…
  • https://www.zengrc.com/blog/what-is-cyber-situational-awareness/
    Digital transformation has created enormous opportunities for businesses to grow and prosper. It has also brought great risk, foremost from criminals armed…
  • https://www.zengrc.com/blog/top-vendor-tiering-strategies-to-mitigate-cybersecurity-risks/
    All organizations rely on vendors to function in today’s dynamic landscape while achieving peak operational efficiency, cost-effectiveness, and economies of…
  • https://www.zengrc.com/blog/what-is-a-cybersecurity-incident-response-plan/
    Global cyberattacks increased by 29 percent in the first half of 2021 compared to 2020, and we can assume that cybercriminals and hackers won’t stop…
  • https://www.zengrc.com/blog/bluegreen-vacations-selects-zengrc-for-compliance/
    Bluegreen Vacations believes in the power of vacation. A leader in vacation ownership, the company’s 222,000+ owners and guests enjoy vacation experiences…
  • https://www.zengrc.com/blog/cyber-risk-indicators-of-compromise-iocs/
    Everything you need to know about indicators of compromise including how you can identify them to better protect your business. Protecting your business…
  • https://www.zengrc.com/blog/business-continuity-disaster-recovery/
    Data security is the practice of protecting data from unauthorized access and corruption throughout the data’s lifecycle. Implementing adequate data security…
  • https://www.zengrc.com/blog/common-cyber-attack-vectors-and-how-to-avoid-them/
    The rapid pace of technological progress has let companies around the world benefit from operational improvements that lower costs. This progress, however…
  • https://www.zengrc.com/blog/protect-your-business-from-botnet-attacks/
    Cyberattacks can take many forms. Those intended to disrupt a business often happen as denial of service (DoS) attacks, and their even more disruptive cousin,…
  • https://www.zengrc.com/blog/how-to-map-controls-in-risk-management/
    Strong, reliable internal controls are an indispensable element of risk management. Properly functioning controls help to identify risks that could cause…
  • https://www.zengrc.com/blog/what-does-a-business-continuity-plan-typically-include/
    Business continuity plans are vitally important for modern risk management because, unfortunately, there are so many ways for businesses to be disrupted. Your…
  • https://www.zengrc.com/blog/what-you-should-know-about-web-shell-attacks/
    In a blog post published in February 2021, Microsoft noted that web shell attacks had been steadily increasing since mid-2020. There were 140,000 monthly web…
  • https://www.zengrc.com/blog/common-causes-of-data-backup-failures/
    No matter how careful you are with your data storage and data protection measures, the risk of data loss is always there. You need to…
  • https://www.zengrc.com/blog/five-keys-to-successful-nist-audits/
    AN INSIDE GRC PANEL DISCUSSION When it comes to NIST, are you truly prepared? If not, you’ll likely spend excess time and money only to get…
  • https://www.zengrc.com/blog/signs-youve-been-targeted-for-ddos-botnet-recruitment/
    Cybercrime can take many forms, and the criminals behind such attacks work with increasing sophistication — even to the point that some companies may…
  • https://www.zengrc.com/blog/reciprocity-delivers-immediate-insight-into-compliance-and-risk-with-risk-intellect/
    New, innovative risk-assessment product enables compliance-driven cyber risk management SAN FRANCISCO, Calif. – Nov. 3, 2021 – Reciprocity, a leader in…
  • https://www.zengrc.com/blog/reciprocity-announces-launch-of-risk-intellect/
    Compliance-driven Cyber Risk Management Reciprocity® Risk Intellect is a new risk-analysis tool that, when used with the Reciprocity ZenGRC® platform, provides…
  • https://www.zengrc.com/blog/the-differences-between-sbom-and-cbom/
    In May 2021, President Joe Biden signed an executive order (EO) aiming to strengthen America’s cybersecurity. One key point in the EO was the need…
  • https://www.zengrc.com/blog/what-is-a-ddos-attack-how-to-protect-your-site/
    Cybersecurity threats evolve constantly, and it’s difficult for any organization to stay ahead of emerging risks. A company’s best defense against security…
  • https://www.zengrc.com/blog/pcaob-alert-on-audits-external-data/
    This article first appeared on radicalcompliance.com October 11th, 2021 The PCAOB published fresh guidance last week about how auditors should handle evidence…
  • https://www.zengrc.com/blog/performing-sarbanes-oxley-risk-assessment/
    Companies around the world have experienced tremendous changes. For publicly traded companies, those changes can bring new considerations into the frame for…
  • https://www.zengrc.com/blog/what-is-network-security/
    Organizations rely on an internal network infrastructure to optimize processes and scale up operations in today’s globalized world. Still, networks can pose…
  • https://www.zengrc.com/blog/what-is-cloud-cryptography-how-does-it-work/
    Cloud computing allows an organization to use IT services delivered via the internet instead of maintaining your own physical servers. Popular cloud computing…
  • https://www.zengrc.com/blog/how-do-i-select-a-grc-solution-for-my-business/
    Excerpt from article originally posted on HelpNetSecurity by Michael Maggio, EVP of Product The pandemic accelerated the need for risk management strategies…
  • https://www.zengrc.com/blog/how-to-create-a-data-centric-security-model/
    Information security used to revolve around securing the locations where sensitive data was stored. Now, with the rise of cloud computing, data can be stored…
  • https://www.zengrc.com/blog/how-to-upgrade-your-cyber-risk-management-program-with-nist/
    USE THIS CHECKLIST TO GET PREPARED There are many aspects to consider when looking to elevate your cybersecurity program. One consideration is which compliance…
  • https://www.zengrc.com/blog/public-vs-private-cloud-security-whats-the-difference/
    Security in cloud computing is often a major concern among cloud customers, mainly because of the risk of losing sensitive data and the difficulties of…
  • https://www.zengrc.com/blog/how-to-manage-risk-with-internal-control-monitoring/
    Strong, effective internal controls are crucial to developing an efficient operating environment that drives business growth. Good internal control activities…
  • https://www.zengrc.com/blog/security-vs-compliance-understanding-the-differences/
    As cyberattacks continue to proliferate, it’s clear that organizations must be prepared from both cybersecurity and compliance standpoints. It’s critical…
  • https://www.zengrc.com/blog/how-data-centric-security-models-build-cyber-resiliency/
    A data-centric security model moves your cybersecurity away from protecting the place where your data is stored to focus instead on securing the data itself.…
  • https://www.zengrc.com/blog/what-is-fourth-party-risk/
    Outsourcing is a critical part of business management and an important ingredient in business growth. One business outsources some task to another — but that…
  • https://www.zengrc.com/blog/real-world-perils-of-manual-grc-what-to-do-instead/
    AN INSIDE GRC PANEL DISCUSSION Let’s face it: we all know manual processes are cumbersome. But did you know they can also be costly to your…
  • https://www.zengrc.com/blog/what-is-cloud-infrastructure/
    Cloud computing is the process of storing and accessing computer services — servers, storage, databases, software, networking, intelligence, and analytics —…
  • https://www.zengrc.com/blog/ebook-how-to-build-a-risk-ownership-model/
    KEY CONSIDERATIONS TO ASSIGNING OWNERSHIP IN ENTERPRISE RISK MANAGEMENT Every company must deal with risk, whether compliance-related, financial, legal…
  • https://www.zengrc.com/blog/ebook-driving-organizational-strategy-adoption-erm-checklist/
    A 10-POINT CHECKLIST TO HELP YOU DRIVE ERM ADOPTION We’ve seen rapid adoption of innovative business tools and strategies like cloud computing software and…
  • https://www.zengrc.com/blog/ebook-how-to-build-a-risk-register/
    HELP YOUR RISK MANAGERS TO BETTER UNDERSTAND AND TRACK RISKS Risks are an inherent part of the business environment. Companies face various risks related to…
  • https://www.zengrc.com/blog/avoiding-cyber-security-false-positives/
    Cyber attacks and data breaches made big news in 2020 and 2021: In 2020, 37 percent of organizations were affected by ransomware attacks, according…
  • https://www.zengrc.com/blog/breaking-it-down-the-difference-between-infosec-compliance-types/
    Compliance is an essential part of any business. From a corporate perspective, it can be defined as ensuring your company and employees follow all laws,…
  • https://www.zengrc.com/blog/inherent-risk-vs-residual-risk-what-is-the-difference/
    People travel through a world of risk every day, and we constantly calculate the level of risk we’re willing to tolerate at any particular moment.…
  • https://www.zengrc.com/blog/how-hackers-exploit-passive-and-active-attack-vectors/
    Learn about the methods cybercriminals use to exploit passive and active attack vectors so you can better protect your business or organization from cyberattack…
  • https://www.zengrc.com/blog/global-companies-and-geopolitical-risk-management/
    As the COVID pandemic swept the world in 2020 and changed the way we travel and do business, other disruptions happened too: large wildfires driven…
  • https://www.zengrc.com/blog/learn-about-the-digital-operational-resilience-act/
    Around the world, and particularly over the past few years, regulators have been looking for ways to strengthen the resilience of the financial sector. In the…
  • https://www.zengrc.com/blog/3-tips-to-building-a-risk-aware-culture/
    Enterprise organizations and government agencies worldwide are focused on strengthening their computer networks against the risk of a cyberattack. However, a…
  • https://www.zengrc.com/blog/what-is-private-cloud-security/
    Today businesses and individuals alike take advantage of cloud services every day. These tools are accessible for all manner of uses, from email hosting to…
  • https://www.zengrc.com/blog/best-practices-for-securing-your-cloud-service/
    The popularity of cloud services has soared in recent years, as ever more companies move towards a remote or hybrid workplace model. While cloud computing…
  • https://www.zengrc.com/blog/automating-vendor-risk-management/
    Modern supply chains are highly interconnected and complex. Today’s organizations leverage numerous third-party relationships to cut costs, speed up operations…
  • https://www.zengrc.com/blog/what-is-a-vulnerability-scanner/
    Guide to Vulnerability Scanning Tools A vulnerability scanning tool scans a network or system for weaknesses and security vulnerabilities that could be…
  • https://www.zengrc.com/blog/cybersecurity-awareness-month-2021-the-most-helpful-tools-in-the-kit/
    Cybersecurity Awareness Month was first promoted in October 2008 as a joint effort of the U.S. Department of Homeland Security (DHS) and the National Cybersecur…
  • https://www.zengrc.com/blog/back-to-basics-beginning-your-risk-program/
    Are you struggling with where to begin setting up a risk program within your organization? With the pace of evolving technology coupled with outside threats…
  • https://www.zengrc.com/blog/what-is-cyber-risk-management/
    Cyber risk management is the process by which you determine potential cyber threats, and then put measures into place to keep those threats at acceptable…
  • https://www.zengrc.com/blog/data-risk-management-in-the-gig-economy/
    A huge swath of the U.S. workforce doesn’t actually hold a full-time job. As many as 40 percent of Americans work in the so-called “gig…
  • https://www.zengrc.com/blog/third-party-risk-management-regulations-every-organization-should-know/
    Modern organizations operate in a complex business landscape. Increasingly, they rely on a plethora of third-party partners, vendors, and subcontractors to…
  • https://www.zengrc.com/blog/what-to-do-when-your-cloud-system-crashes/
    Ensure your business is prepared for cloud system crashes or outages with this helpful guide from Reciprocity Most organizations today rely on the cloud to…
  • https://www.zengrc.com/blog/conducting-penetration-testing-for-your-corporate-security/
    Find out the best practices for conducting penetration testing for your business or organization. Understanding your organization’s cybersecurity posture is…
  • https://www.zengrc.com/blog/what-is-the-gramm-leach-bliley-act/
    In 1999, the United States Congress passed the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, with numerous…
  • https://www.zengrc.com/blog/why-you-need-a-vendor-risk-management-policy/
    In virtually every industry, organizations work with third parties such as suppliers and vendors, to improve operational efficiency, save money, and achieve…
  • https://www.zengrc.com/blog/reciprocity-named-leader-for-grc-platforms-in-g2-fall-2021-grid-report/
    SAN FRANCISCO - September 15, 2021 - Reciprocity, a leader in information security risk and compliance, today announced its ZenGRC® platform was recognized as…
  • https://www.zengrc.com/blog/key-targets-for-fileless-malware/
    Cybersecurity threats have proliferated for years, and that shows no sign of stopping. One estimate, for example, is that damages due to cybercrime will hit…
  • https://www.zengrc.com/blog/tips-for-patching-security-vulnerabilities/
    Given the countless cyber threats facing organizations these days, security has become one of the most pressing issues on the executive mind. Yet when we…
  • https://www.zengrc.com/blog/developing-your-key-risk-indicators/
    Organizations today live in a dynamic environment. Risks to your business activities are everywhere, including among the relationships you have with other…
  • https://www.zengrc.com/blog/why-you-should-develop-a-cybersecurity-operations-team/
    Technology and IT infrastructure are essential assets for businesses today. Without them, daily operations can grind to a halt. Consequently, assessing the…
  • https://www.zengrc.com/blog/using-artificial-intelligence-in-risk-management/
    Artificial intelligence (AI) is here to stay. Every day, businesses find more activities that can be optimized thanks to the efficiency and effectiveness of…
  • https://www.zengrc.com/blog/what-is-a-data-centric-architecture-for-security/
    As cyber threats and data breaches proliferate, organizations need a better way to protect their sensitive data. One specific need: effective and efficient…
  • https://www.zengrc.com/blog/four-factors-of-a-hipaa-breach-risk-assessment/
    Modern technology allows the easy collection and distribution of personally identifiable information — and concerns about the unintended distribution of that…
  • https://www.zengrc.com/blog/how-ransomware-has-driven-the-rise-in-healthcare-data-breaches/
    Discover how ransomware has caused a rise in healthcare data breaches and what you can do to protect your organization. Healthcare organizations have been…
  • https://www.zengrc.com/blog/american-cybersecurity-literacy-act-and-your-business/
    The last several years have brought an onslaught of cyberattacks on individual persons, businesses, and federally managed critical infrastructure. Some days it…
  • https://www.zengrc.com/blog/detecting-and-responding-to-network-intrusions/
    Hackers and cyber criminals work tirelessly to develop new ways of infiltrating your network and data. No matter how strong your cybersecurity program is…
  • https://www.zengrc.com/blog/7-critical-cloud-security-controls-for-every-business/
    Lots of organizations are adopting cloud computing, encouraged by its many potential advantages, including lower costs, shorter development cycles, and high…
  • https://www.zengrc.com/blog/common-types-of-insider-threats-that-cause-security-breaches/
    CISOs and other compliance professionals already know that insider threats are a primary cause of cybersecurity breaches. Still, to put numbers behind that…
  • https://www.zengrc.com/blog/managing-digital-risks-in-the-modern-digital-economy/
    In the modern economy, advances in digital technology are creating rich success opportunities for organizations. Those same digital technology advances…
  • https://www.zengrc.com/blog/best-practices-for-insider-threat-detection/
    The unfortunate truth is that insiders pose the biggest threats to organizational security. Current or former employees, vendors, contractors, partners, and…
  • https://www.zengrc.com/blog/different-types-of-penetration-testing/
    No company is free from risks and vulnerabilities. No matter how robust the digital infrastructure or how strict the cybersecurity measures are, some level of…
  • https://www.zengrc.com/blog/best-practices-for-detecting-supply-chain-threats/
    Many government agencies, Fortune 500 companies, and security teams will never forget a landmark event in December 2020. This was when the world discovered one…
  • https://www.zengrc.com/blog/what-is-endpoint-security/
    In enterprise networks, endpoint devices refer to end-user devices such as laptops, servers, desktops, Internet of Things (IoT) devices, and mobile devices…
  • https://www.zengrc.com/blog/common-types-of-digital-security-risks/
    The COVID-19 pandemic accelerated the shift to digital business — everything from decentralizing enterprise workforces and digital assets to cloud migration…
  • https://www.zengrc.com/blog/what-is-vulnerability-testing/
    Even the most secure IT system can have vulnerabilities that leave it exposed to cyber attacks. Constantly changing network environments, social engineering…
  • https://www.zengrc.com/blog/new-federal-guidance-for-banks-managing-third-party-risks/
    The federal government has released new guidance for banks to help them in managing third-party risks. Over the summer, a trio of banking regulators proposed…
  • https://www.zengrc.com/blog/coso-guidance-on-cloud-computing-issues/
    This blog first appeared on radicalcompliance.com August 4th, 2021 COSO released another guidance document last week, this one talking about how to apply…
  • https://www.zengrc.com/blog/cybersecurity-checklist-for-small-businesses/
    Use this cybersecurity checklist for small businesses to protect your organization from potential cyber attacks. Understanding Cybersecurity for Small…
  • https://www.zengrc.com/blog/tackling-cybersecurity-risks-from-employees/
    Are your organization’s employees a threat to its cybersecurity? CISOs and other IT leaders have long known that their organization’s own employees pose some…
  • https://www.zengrc.com/blog/what-is-continuous-attack-surface-management/
    In the modern business world, companies need to invest heavily in digital technologies to keep their operations efficient and agile. That’s good unto itself…
  • https://www.zengrc.com/blog/what-the-proposed-hipaa-modifications-could-mean-for-healthcare-privacy/
    Data privacy and protection are essential in modern business. The amount of personal data stored in various databases is enormous, and poses numerous threats…
  • https://www.zengrc.com/blog/building-your-cyber-risk-intelligence-team/
    In 2020, organizations around the world had to contend with: The exposure of 36 billion records A 630 percent increase in cloud-based cyber…
  • https://www.zengrc.com/blog/what-is-a-vulnerability-management-program/
    Vulnerability Management is the cornerstone of information security programs. Cybersecurity practitioners leverage vulnerability management programs to...
  • https://www.zengrc.com/blog/risk-mitigation-in-software-engineering/
    The OWASP Software Assurance Maturity Model (SAMM) guides you through the software development life cycle (SDLC) so that you can create secure applications.
  • https://www.zengrc.com/blog/managing-third-party-risks-when-using-cloud-storage/
    In today's fast-paced world, organizations (and individuals) benefit from relying on third parties to manage their business processes. From cost reduction to…
  • https://www.zengrc.com/blog/best-practices-to-mitigate-cyber-risks-in-2021/
    Anyone following cybersecurity news has likely heard about the infamous Colonial pipeline ransomware attack in May 2021. A compromised password allowed…
  • https://www.zengrc.com/blog/the-cisas-new-list-of-bad-practices-for-cybersecurity-risk/
    The Cybersecurity & Infrastructure Security Agency (CISA) is a U.S. government agency focused on risk management for the nation's infrastructure protection…
  • https://www.zengrc.com/blog/what-is-the-difference-between-vulnerability-assessment-and-penetration-testing/
    A vulnerability assessment is the process of identifying IT security weaknesses in your network, operating systems, firewalls, and hardware, and then taking…
  • https://www.zengrc.com/blog/what-are-vishing-attacks/
    Cybersecurity attacks come in all sorts of ways and from all directions, so perhaps we should not be surprised at one of the latest trends…
  • https://www.zengrc.com/blog/cyber-risk-stay-ahead-of-evolving-threats-with-proactive-collaboration/
    How can you stay ahead of evolving threats encompassed by cyber risk? The easiest answer is: by being proactive. In this session, Reciprocity GRC experts…
  • https://www.zengrc.com/blog/reciprocity-shortlisted-for-2021-saas-awards/
    Cloud adoption has exploded over the last few years and today, it is the expected cost-effective alternative to traditional IT solutions where you can leverage…
  • https://www.zengrc.com/blog/nist-vs-soc-2-whats-the-difference/
    When the subject is cybersecurity compliance, the National Institute of Standards and Technology (NIST) is often the first reference that comes to mind. NIST…
  • https://www.zengrc.com/blog/what-is-hybrid-cloud-security/
    Hybrid clouds are an elegant and adaptable technology solution for combining public and private cloud storage with more traditional IT infrastructure. While…
  • https://www.zengrc.com/blog/safeguarding-against-the-latest-ransomware-attacks/
    Since the start of the COVID-19 pandemic in 2020, there has been a steep increase in the number of cyberattacks worldwide.  Phishing attacks, ransomware-as-a-s…
  • https://www.zengrc.com/blog/why-healthcare-hacking-is-profitable-and-how-you-can-prevent-it/
    Healthcare hacking - that is, cybercrimes that specifically target the healthcare sector - is quickly becoming one of the most lucrative forms of cyber theft.…
  • https://www.zengrc.com/blog/what-is-supplier-risk-management/
    The risks that threaten your vendors and contractors threaten your company as well. Every additional party added to your supply chain expands the scope of…
  • https://www.zengrc.com/blog/could-you-be-the-target-of-a-customized-raas-campaign/
    A recent report from cybersecurity software vendor McAfee shows that Ransomware-as-a-Service (RaaS) is on the rise.  Although ransomware attacks dropped by…
  • https://www.zengrc.com/blog/why-are-ransomware-attacks-on-the-rise/
    Since the Colonial Pipeline incident in May 2021, the word "ransomware" has been circulating in public opinion and even in recent remarks from President Biden…
  • https://www.zengrc.com/blog/why-you-should-treat-cybersecurity-awareness-like-a-business/
    Digital infrastructure and cloud technology support an essential part of the modern world. Social, commercial, academic, and many other spaces exist within…
  • https://www.zengrc.com/blog/reciprocity-joins-pci-security-standards-council/
    In an era of increasingly sophisticated attacks on systems, PCI Security Standards and resources are critical to helping organizations secure payment data and…
  • https://www.zengrc.com/blog/the-6-key-pillars-of-cloud-security/
    To understand the most important pillars of cloud security, we must first understand what cloud computing is and its fundamental properties. Cloud computing…
  • https://www.zengrc.com/blog/reciprocity-expands-partner-program/
    New IT Distribution Partner to Enable Simplified Support for VARs SAN FRANCISCO – July 12, 2021 – Reciprocity, a leader in information security risk and…
  • https://www.zengrc.com/blog/how-hipaa-and-cybersecurity-keep-your-data-safe/
    Personal healthcare data is one of the most valuable types of data that cybercriminals can obtain. Meanwhile, to protect the healthcare data they possess, many…
  • https://www.zengrc.com/blog/what-to-know-about-colorados-new-consumer-data-privacy-law/
    In June 2021, the Colorado lawmakers enacted SB21-190, the Colorado Privacy Act (CPA). The CPA is expected to be signed into law within 30 days, making…
  • https://www.zengrc.com/blog/most-common-machine-learning-security-risks/
    What is machine learning? Machine learning (ML) is a subset of artificial intelligence (AI) that uses algorithms, data sets, and statistical analysis to make…
  • https://www.zengrc.com/blog/developing-a-healthcare-data-security-plan-for-the-modern-world/
    Threats to healthcare data are evolving just as quickly as healthcare technology itself — and really, why not? Cyber criminals are well aware that the…
  • https://www.zengrc.com/blog/getting-on-the-path-to-a-successful-audit/
    When you’re running a compliance program, audits come with the territory. However, as the number of audits and assessments continue to rise, they become even…
  • https://www.zengrc.com/blog/defining-and-managing-third-party-security-risks/
    Once upon a time, a company's IT network was like a fenced-in estate, protecting sensitive data and proprietary information: only employees with correct access…
  • https://www.zengrc.com/blog/what-is-regtech-and-why-does-it-matter/
    Financial institutions lost $16.9 billion to account takeover and identity fraud in 2019 alone, and the shift to online financial services during the pandemic…
  • https://www.zengrc.com/blog/a-difficult-picture-for-anti-fraud-today/
    This article first appeared on radicalcompliance.com June 21, 2021 The Association of Certified Fraud Examiners is holding its 2021 conference this week (virtu…
  • https://www.zengrc.com/blog/reciprocity-named-leader-for-grc-platforms-in-g2-summer-2021-grid-report/
    ZenGRC Platform Designated ‘Leader’ and ‘High Performer’ by Users SAN FRANCISCO – June 29, 2021 – Reciprocity, a leader in information security risk and…
  • https://www.zengrc.com/blog/employee-spotlight-alan-gouveia-grc-expert/
    Alan Gouveia is one of our esteemed GRC Experts at Reciprocity. As an experienced governance and compliance professional, he is one of the first people…
  • https://www.zengrc.com/blog/ftc-serves-moviepass-its-final-scene/
    This article first appeared on radicalcompliance.com June 8, 2021 The folks behind MoviePass have agreed to settle charges with the Federal Trade Commission tha…
  • https://www.zengrc.com/blog/what-is-an-advanced-persistent-threat-in-cybersecurity/
    Corporate cybersecurity professionals must be on constant alert to avoid the wide range of cyberattacks that can be thrown at them today: malware, ransomware…
  • https://www.zengrc.com/blog/effective-social-media-risk-management/
    Businesses need to have a social media strategy and engage in social networking as part of their branding. You also, however, need to protect your…
  • https://www.zengrc.com/blog/what-is-penetration-testing-pen-tests-defined/
    Penetration testing, also known as “pen testing,” is an intentional, simulated cyberattack against your IT systems to find vulnerabilities and test the…
  • https://www.zengrc.com/blog/effective-workflow-for-your-audit-management-process/
    Automating the workflow for your audit management process allows you to communicate within your organization saving money and time.
  • https://www.zengrc.com/blog/what-is-the-principle-of-least-privilege/
    As you go about the work of managing your IT environment, it's likely that you already apply the Principle of Least Privilege (POLP, also known…
  • https://www.zengrc.com/blog/what-are-the-elements-of-an-integrated-risk-management-system/
    Integrated Risk Management (IRM) is "a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision...
  • https://www.zengrc.com/blog/another-look-at-cybersecurity-shortcomings/
    This article first appeared on radicalcompliance.com May 26, 2021 The other week the Biden Administration issued an executive order to improve cybersecurity…
  • https://www.zengrc.com/blog/is-nist-mandatory/
    You don't have to spend a long time in the cybersecurity and information technology world before someone brings up NIST compliance.  Since the agency’s…
  • https://www.zengrc.com/blog/cloud-security-vs-traditional-security/
    With traditional IT security, you control your data environment. However, moving to the cloud requires you to treat cloud security as both owned and outsourced risks.
  • https://www.zengrc.com/blog/cmmc-is-coming-are-you-ready/
    The Cybersecurity Maturity Model Certification (CMMC) program was created by the U.S. government to create a set of standards that all organizations must meet…
  • https://www.zengrc.com/blog/beyond-the-firewall-protect-yourself-against-advanced-cyber-attacks/
    Cyberattacks can devastate your company. No matter how strong your defenses may be, hackers and cyber thieves are working hard to outsmart your security…
  • https://www.zengrc.com/blog/what-does-it-mean-to-transfer-risk/
    What is Risk Transfer? Risk transfer is a risk management technique where risk is transferred from your organization to a third party. Transferring risk means…
  • https://www.zengrc.com/blog/how-to-protect-against-ransomware-as-a-service-raas/
    Ransomware-as-a-Service (RaaS) models let cyber criminals extort the companies they target by stealing data with malicious code. Learn what you can do.  What…
  • https://www.zengrc.com/blog/applying-big-data-to-risk-management/
    To understand how big data can be used in managing organizational risk, it’s helpful to review essential principles of risk management.
  • https://www.zengrc.com/blog/phishing-vs-spear-phishing-tactics-protection/
    Staying a step ahead of cybercriminals is a difficult task. However strong your security program may be, hackers work constantly to breach your defenses and…
  • https://www.zengrc.com/blog/what-are-hipaa-standards-for-transactions/
    The Department of Health and Human Services (HHS) defines a transaction as an electronic exchange of information between two parties, to carry out financial or…
  • https://www.zengrc.com/blog/what-is-an-it-security-audit/
    Asking "what is an IT security audit" might get you a much longer answer than you think. This primer explains everything you need to know.
  • https://www.zengrc.com/blog/protecting-your-data-from-ransomware/
    Are you protecting your data from ransomware? SOC 2 audits and carefully crafted service-level agreements can mitigate the risks.
  • https://www.zengrc.com/blog/what-is-nist/
    NIST is the abbreviated name of the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce,…
  • https://www.zengrc.com/blog/risk-management-in-the-retail-industry/
    Risk management is about much more than security cameras and insurance policies. Retail stores, whether brick-and-mortar stores or e-commerce sites are...
  • https://www.zengrc.com/blog/how-to-address-critical-third-party-risk-in-your-business/
    This article first appeared on Forbes.com on April 13, 2021. During the past year, IT and security concerns have increased dramatically, shifting in unpredictab…
  • https://www.zengrc.com/blog/reciprocity-and-zengrc-win-four-cyber-defense-magazine-infosec-awards/
    Recognized for Compliance, IT Vendor Risk Management, Risk Management, and Third Party Risk Management SAN FRANCISCO – May 18, 2021 – Reciprocity, a leader in…
  • https://www.zengrc.com/blog/five-ways-grc-visibility-drives-operational-confidence/
    You don’t know what you don’t know. When it comes to managing enterprise GRC, truer words were never spoken. While some may believe that ignorance is bliss,…
  • https://www.zengrc.com/blog/what-is-vulnerability-management-under-iso-27001/
    Learn about the best practices for vulnerability management in regards to ISO 27001.  What is vulnerability management? Vulnerability management is…
  • https://www.zengrc.com/blog/four-ways-zero-trust-will-improve-security-at-businesses/
    This article first appeared on SCMagazine.com on March 30, 2021. During the pandemic last year the brilliance of information security personnel was on full…
  • https://www.zengrc.com/blog/reciprocity-experiences-record-breaking-results-in-first-quarter-2021/
    SAN FRANCISCO – May 4, 2021 First Quarter 2021 Highlights 114% YoY increase in net new ARR, up 15% QoQ 41% YoY increase in total sales Reciprocity,…
  • https://www.zengrc.com/blog/simplify-audits-with-good-control-testing-habits/
    The critical path for every audit is evidence collection. You can’t test controls until you gather the evidence - and with each piece of evidence…
  • https://www.zengrc.com/blog/employee-spotlight-jenny-victor-vp-of-marketing/
    As Reciprocity’s Vice President of Marketing, Jenny spends her days overseeing the planning, development and execution of the company’s marketing and go-to-mark…
  • https://www.zengrc.com/blog/top-considerations-for-compliance-management-software/
    Once upon a time, organizations could manage their regulatory compliance burdens with manual processes and standard desktop technology tools. Many organization…
  • https://www.zengrc.com/blog/soc-2-readiness-assessments-definition-getting-started/
    Is your organization ready for a SOC 2 audit? Learn how to get ready for your audit by conducting a SOC 2 readiness assessment.  What is…
  • https://www.zengrc.com/blog/what-the-retail-industry-should-know-about-pci-compliance/
    This short guide to definitions and first steps help retailers learn the basics of PCI DSS compliance to help them begin the process.
  • https://www.zengrc.com/blog/what-is-the-hipaa-breach-notification-rule/
    Learn all about the HIPAA breach notification rules and how you can best protect your business by being ready to comply with anticipated 2021 HIPAA…
  • https://www.zengrc.com/blog/the-benefits-of-a-good-total-quality-management-system/
    What precisely is a quality management system (QMS), and what does it do? QMS is a management system meant to formalize documents, processes, protocols…
  • https://www.zengrc.com/blog/how-cybersecurity-works-to-keep-your-data-safe/
    What Is Cyber Security and How Does It Work? Cybersecurity is the practice of protecting computer systems, sensitive data, and networks from unauthorized…
  • https://www.zengrc.com/blog/compliance-considerations-for-robotic-process-automation/
    Robotic process automation (RPA) helps organizations to better navigate the complexities of achieving and maintaining compliance in the rapidly evolving…
  • https://www.zengrc.com/blog/make-data-driven-security-risk-management-decisions/
    Discover the importance of making data-driven security risk management decisions for your business or organization.  What is security risk management? Security…
  • https://www.zengrc.com/blog/why-zero-trust-is-critical-to-protecting-your-business-2/
    This week another data breach hit the news. Considering that 2020 saw close to 4,000 publicly disclosed data breaches, there’s probably another 75 that didn’t…
  • https://www.zengrc.com/blog/how-to-simplify-state-and-local-government-incident-management/
    OUR GRC EXPERT SHARES HIS REAL-WORLD EXPERIENCES Running an Incident Management Program for state or local governments means you must be able to effectively…
  • https://www.zengrc.com/blog/why-zero-trust-is-critical-to-protecting-your-business/
    This week another data breach hit the news. Considering that 2020 saw close to 4,000 publicly disclosed data breaches, there’s probably another 75 that didn’t…
  • https://www.zengrc.com/blog/how-to-create-a-plan-of-action-milestones-poam/
    Cybersecurity risks are always changing, and even with continuous monitoring it can be difficult to know which areas of your IT system need your attention…
  • https://www.zengrc.com/blog/do-you-need-a-vulnerability-disclosure-program/
    The U.S. Federal Trade Commission (FTC) recently stated that organizations should begin to incorporate vulnerability disclosure programs (VDPs), which allow…
  • https://www.zengrc.com/blog/using-cybersecurity-to-protect-sensitive-healthcare-data/
    Sensitive corporate data is always a prime target for data breaches. The healthcare industry is no exception, and the compliance obligations a healthcare firm…
  • https://www.zengrc.com/blog/what-is-grc-implementation/
    All businesses need to address risk management and regulatory compliance obligations, and a GRC framework — “GRC” meaning governance, risk, and compliance —…
  • https://www.zengrc.com/blog/how-to-develop-legal-compliance-management-policies/
    Every business is guided by laws and regulations. Some regulations may be industry-specific, such as for banks or broker-dealer firms. Other regulations apply…
  • https://www.zengrc.com/blog/a-simple-way-to-scale-risk-and-compliance-programs/
    An essential objective of any business is growth, which can be measured in any number of ways: increased profit, revenue, capacity, number of employees, even…
  • https://www.zengrc.com/blog/privacy-by-design-why-we-should-care/
    Could privacy by design (PbD) principles benefit your efforts to protect consumer and employee privacy?  What Is Privacy by Design? Privacy by…
  • https://www.zengrc.com/blog/building-customer-trust-starts-with-information-security/
    2020 was quite the year. While the pandemic slowed operations across many industries, one group that didn’t take a break: cyberattackers. Breaches, identity…
  • https://www.zengrc.com/blog/thoughts-from-the-ceos/
    This article first appeared on radicalcompliance.com March 22, 2021 Gorgeous spring weather finally arrived in Boston this weekend, so like any sensible…
  • https://www.zengrc.com/blog/youve-been-breached/
    IS YOUR INCIDENT RESPONSE POLICY PRIMED AND READY? If your IT infrastructure is compromised, there’s no time to question what to do next. It’s critical that…
  • https://www.zengrc.com/blog/whats-the-state-of-your-infosec-policy/
    FINE-TUNE AND ADAPT YOUR POLICY TO BOOST CYBERSECURITY To protect your organization’s IT assets and resources, an Information Security policy is a critical…
  • https://www.zengrc.com/blog/top-ways-to-protect-your-business-from-risk/
    Every business is vulnerable to risk, and especially from security threats. Whether you have valuable internal data such as trade secrets or intellectual…
  • https://www.zengrc.com/blog/is-automation-the-ideal-regulatory-compliance-management-solution/
    It doesn't matter whether you’re a financial adviser, the CEO of a healthcare organization, or manager of multi-level IT projects: to develop a successful…
  • https://www.zengrc.com/blog/how-to-determine-the-roi-of-compliance/
    Calculating the return on investment (ROI) for a corporate compliance program isn’t easy. Clearly the potential damage from a cybersecurity threat can be…
  • https://www.zengrc.com/blog/do-you-need-vendor-risk-management-software/
    Whether you’re a small business or a large enterprise, a vendor risk management program, also known as third-party risk management (TPRM), is critical to the…
  • https://www.zengrc.com/blog/reciprocity-named-leader-on-g2-spring-2021-grid-report-for-sixth-consecutive-quarter/
    ZenGRC Designated ‘Leader’ and ‘Users Love Us’ Among GRC Platforms SAN FRANCISCO – March 25, 2021 – Reciprocity, a leader in information security risk and…
  • https://www.zengrc.com/blog/how-to-make-the-business-case-for-compliance/
    Making the business case for compliance is never an easy task. That challenge is all the more true during difficult economic times, when businesses might…
  • https://www.zengrc.com/blog/how-to-manage-social-media-compliance/
    Social media compliance is the work of assuring that your company’s social media accounts and the accounts of your employees meet both your own brand…
  • https://www.zengrc.com/blog/what-is-privacy-by-design/
    Learn all about privacy by design (PbD) and how you can integrate the philosophy within your business.  Privacy by Design and its Purpose Privacy by design…
  • https://www.zengrc.com/blog/what-is-vulnerability-scanning-in-cybersecurity/
    Any organization that takes risk management and security information and event management (SIEM) seriously must embrace routine cybersecurity controls and data…
  • https://www.zengrc.com/blog/what-to-know-about-virginias-consumer-data-protection-act/
    The state of Virginia signed a new consumer privacy law into effect on March 2, 2021: the Consumer Data Protection Act, more commonly known as…
  • https://www.zengrc.com/blog/how-to-respond-to-a-data-breach-policy-template/
    As innovation in information technology continues to evolve, that means online criminals can also get more sophisticated with their attacks, and the number of…
  • https://www.zengrc.com/blog/tips-for-meeting-hipaa-compliance-documentation/
    The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires healthcare organizations, as well as any other “covered…
  • https://www.zengrc.com/blog/how-state-governments-can-improve-cybersecurity/
    State governments aren’t invincible to cyberattacks. If your state agency handles sensitive information, follow these tips for cybersecurity in the public…
  • https://www.zengrc.com/blog/how-to-manage-risks-in-telemedicine/
    Digital transformation has changed the landscape of many businesses, and the healthcare industry is just one of many examples. Often referred to as “telehealth”…
  • https://www.zengrc.com/blog/what-is-assessment-and-authorization-aa/
    As technological innovation continues to evolve, so do the nature and severity of cybersecurity threats. This makes robust information security controls and…
  • https://www.zengrc.com/blog/cmmc-vs-nist-whats-the-difference/
    If your firm is a government contractor working with the U.S. Department of Defense, or works anywhere in the DoD supply chain, brace for big…
  • https://www.zengrc.com/blog/security-awareness-5-ways-to-educate-employees/
    When you want to create (or revive) a strong culture of cybersecurity, security awareness training for employees is the best place to start.  The challenge is…
  • https://www.zengrc.com/blog/reciprocity-and-zengrc-honored-with-industry-accolades-for-information-security-risk-and-compliance/
    Recognized in Four Categories by Cybersecurity Excellence Awards Named Grand Trophy Winner in Cyber Security Global Excellence Awards SAN FRANCISCO –…
  • https://www.zengrc.com/blog/how-to-approach-compliance-documentation-for-soc-2/
    Compliance audits require copious amounts of documentation. A SOC 2 audit for cybersecurity controls is no different.  When the auditing team arrives to…
  • https://www.zengrc.com/blog/cmmc-mapping-for-existing-compliance-frameworks/
    Defense contractors and their subcontractors are now expected to undergo a third-party audit to validate CMMC compliance and confirm that all NIST 800-171…
  • https://www.zengrc.com/blog/system-security-plans-for-cmmc-do-you-need-one/
    In 2020 the U.S. Department of Defense (DoD) declared that any business providing products or services to the DoD or its supply chain will need…
  • https://www.zengrc.com/blog/employee-spotlight-emil-cano-it-engineer/
    Emil is the person you want on speed dial. Our IT Engineer since 2019, Emil keeps Reciprocity up and running, making sure our infrastructure, systems…
  • https://www.zengrc.com/blog/3-steps-to-get-on-the-path-to-audit-success/
    When you’re running a compliance program, audits come with the territory. Costly and time-consuming, you want to make sure you get your audit right and…
  • https://www.zengrc.com/blog/checklist-for-making-hipaa-compliant-software/
    Anyone developing software for the healthcare industry faces the constant need to comply with the Health Insurance Portability and Accountability Act—more…
  • https://www.zengrc.com/blog/cloud-computing-security-challenges-and-considerations/
    As a growing number of companies shift operations to cloud environments or modernize their systems using cloud-based applications, the security of cloud…
  • https://www.zengrc.com/blog/what-is-a-pci-compliance-manager/
    Regulatory compliance is about conforming to governance, operating standards, and laws. To achieve it, organizations must ensure that they are aware of each…
  • https://www.zengrc.com/blog/compliance-managers-role/
    What is a compliance manager? They are the C-3PO for your organization, keeping your protocols organized. To do the job well, a compliance officer needs compliance management software, the audit version of R2D2.
  • https://www.zengrc.com/blog/new-cio-study-grc-challenges-and-priorities-for-2021/
    An incredibly powerful economic force, mid-market organizations employ more than one quarter of the U.S. workforce. They were integral to driving the economy…
  • https://www.zengrc.com/blog/reciprocity-bolsters-executive-leadership-team-to-make-strategic-impact-on-sales-marketing-and-customer-initiatives/
    New Senior Vice President of Sales, Vice President of Marketing, Vice President of Customer Success Join to Accelerate Growth  SAN FRANCISCO – February 17…
  • https://www.zengrc.com/blog/risk-management-three-lines-of-defense/
    The Institute of Internal Auditors' (IIA) new Three Lines Model for risk management helps organizations to identify the structures and processes that help…
  • https://www.zengrc.com/blog/how-to-create-an-acceptable-use-policy/
    The internet. The World Wide Web. It’s unlikely there’s a company in existence that doesn’t rely on the internet to drive its operations, empower its…
  • https://www.zengrc.com/blog/rising-cost-compliance/
    The rising cost of compliance requires a solution. GRC automation helps to lower those costs by streamlining tasks and saving time.
  • https://www.zengrc.com/blog/risk-management-in-local-government/
    Municipal governments face many of the same risks as private sector businesses—and then some. While all businesses exist to increase revenue and profits, the…
  • https://www.zengrc.com/blog/gitlab-selects-reciprocitys-zengrc-for-information-security-risk-and-compliance/
    ZenGRC Outperformed Competition on Fast Time to Value, Increased Efficiencies, and Ease of Onboarding SAN FRANCISCO – February 10, 2021 – Reciprocity, a…
  • https://www.zengrc.com/blog/how-to-budget-for-your-compliance-program/
    An effective compliance program can be a significant financial investment—one that the board of directors might have a hard time justifying, if directors…
  • https://www.zengrc.com/blog/does-fisma-apply-to-state-governments/
    FISMA, or the Federal Information Security Management Act of 2002, is part of the E-Government Act—a federal law in the United States, enacted by Congress,…
  • https://www.zengrc.com/blog/what-is-the-difference-between-operational-resilience-and-business-continuity/
    When creating plans for your organization’s response to an unexpected or disruptive event, one size does not fit all. A global pandemic, cybersecurity attacks…
  • https://www.zengrc.com/blog/word-on-the-street-top-5-infosec-predictions-for-2021/
    This past year has been, definitively, the most transformative time in infosec’s history. With entire workforces unpredictably shifting to required remote…
  • https://www.zengrc.com/blog/big-data-healthcare/
    Big Data in healthcare requires not only getting all the information but protecting it. Effectively using Big Data means ya gotta catch 'em all.
  • https://www.zengrc.com/blog/good-governance-in-the-public-sector/
    The public sector faces expectations for good governance, regulatory compliance, and risk management just like any other industry. Indeed, given the heightened…
  • https://www.zengrc.com/blog/how-to-perform-a-hipaa-risk-assessment/
    Healthcare is among the most highly regulated industries in the United States. Hospital systems, medical practices, and related healthcare organizations…
  • https://www.zengrc.com/blog/email-retention-policy/
    Businesses and other organizations must store employees’ email communications for several reasons. Some of those reasons are practical, such as for marketing…
  • https://www.zengrc.com/blog/zengrc-named-2021-governance-risk-and-compliance-emotional-footprint-award-champion/
    Reciprocity Scores 93% average in Vendor-Client Relationship ZenGRC Scores 89% average in Product Effectiveness SAN FRANCISCO – February 4, 2021 –…
  • https://www.zengrc.com/blog/the-importance-of-asset-management-compliance-in-2021/
    When the COVID-19 pandemic arrived in 2020, it forced many financial services and investment management companies to implement new technology quickly:…
  • https://www.zengrc.com/blog/tips-for-effective-vendor-contract-management/
    All businesses contract with vendors and service providers, either routinely or periodically, for services that they cannot do themselves. This can be…
  • https://www.zengrc.com/blog/clean-desk-policy-quick-guide-definition/
    Today's clean desk policy is about a bit more than wiping down the computer screen and cleaning crumbs out of the keyboard at the end…
  • https://www.zengrc.com/blog/iso-standard-risk-management-medical-devices/
    The International Organization for Standardization (ISO) drafts business management standards that any organization can use to identify and mitigate risk. The…
  • https://www.zengrc.com/blog/report-risk-and-compliance-data-with-business-intelligence-integration/
    An interconnected system of governance, risk, and compliance (GRC) is crucial for establishing transparency, trust, and regulatory compliance in today’s…
  • https://www.zengrc.com/blog/what-is-risk-management-in-project-management/
    Risk management in project management applies equally to compliance management. Thus, companies need to enable compliance teams with automated tools to support agile across teams.
  • https://www.zengrc.com/blog/the-importance-of-risk-management/
    In business and in life, fear of the unknown can leave us paralyzed and unable to act. What is known, on the other hand—that's more…
  • https://www.zengrc.com/blog/2021_edelman_report_businesses_have_trust/
    This article first appeared on radicalcompliance.com January 13, 2021. The Edelman Trust Barometer for 2021 just dropped today, and it continues to…
  • https://www.zengrc.com/blog/iso-31000-principles-of-risk-management/
    ISO 31000, Principles of Risk Management, is a set of guidelines drafted by the International Organization for Standardization to help organizations...
  • https://www.zengrc.com/blog/sync-compliance-tasks-for-workflows-and-ticketing/
    To manage risk and compliance efficiently, it’s important that your organization’s real-time “To Do” list of compliance tasks be as simple and straightforward…
  • https://www.zengrc.com/blog/reciprocity-introduces-zenmaster-customer-program/
    New Opportunity for ZenGRC Power Users to Gain Access to Unique Benefits Designed to Enable their Success SAN FRANCISCO – January 21, 2021 – Reciprocity, the…
  • https://www.zengrc.com/blog/simplify-evidence-collection-with-zengrc-integration-for-google-drive/
    Evidence collection is one of the most important and difficult parts of a successful compliance program, and one of the best ways your organization can…
  • https://www.zengrc.com/blog/fetch-audit-evidence-with-splunk-integration-for-zengrc/
    Preparing your organization for an external audit can be a difficult and time-consuming process. One of the hardest parts: collecting audit evidence.  External…
  • https://www.zengrc.com/blog/how-to-create-an-information-security-questionnaire-for-vendors-reciprocity/
    Information security questionnaire (also known as a vendor risk assessment questionnaire or vendor security assessment questionnaire) is a standardized set of questions used for the purpose of vetting vendors and managing third-party risk.
  • https://www.zengrc.com/blog/why-segregation-of-duties-is-important-for-information-security/
    Segregation of duties can be a tricky concept for many business owners. For example, if Adam knows how to do systems administration and handles corporate…
  • https://www.zengrc.com/blog/effective-bring-your-own-device-policy/
    Building an effective Bring Your Own Device policy can be one of the keys to security success in an increasingly mobile world.
  • https://www.zengrc.com/blog/tips-for-successful-security-awareness-training/
    As companies increasingly rely on cloud computing for most operations, information security is more important than ever. While not everyone on your team has to…
  • https://www.zengrc.com/blog/what-elements-should-an-effective-fcpa-program-include/
    The U.S. Foreign Corrupt Practices Act (FCPA) sounds like something straight out of a spy thriller. The bad guys try to get over on the…
  • https://www.zengrc.com/blog/terminology-for-iso-9001-audits/
    ISO 9001:2015 is the current standard for Quality Management Systems, as adopted by the International Organization for Standardization (ISO).
  • https://www.zengrc.com/blog/how-to-implement-qms-in-an-organization/
    For a QMS in an organization that’s highly regulated or faces FDA scrutiny, ISO is considered the international standard for an effective QMS.
  • https://www.zengrc.com/blog/what-are-the-14-iso-27001-control-sets-of-annex-a/
    ISO 27001, or ISO/IEC 27001, is an international standard that describes how organizations should adopt an information security management system (ISMS).  It…
  • https://www.zengrc.com/blog/what-should-you-include-in-a-successful-supply-chain-risk-management-plan/
    2020 visited a host of challenges on businesses around the world, but one was as jarring as the empty supermarket shelves that appeared around the…
  • https://www.zengrc.com/blog/top-4-infosec-trends-for-2021/
    Adaptability. This would prove to be the top requirement for businesses to survive 2020. By mid-March, virtually every employee around the globe found…
  • https://www.zengrc.com/blog/healthcare-data-security-why-its-important/
    The security of healthcare data doesn't always get the same consideration as other types of cybersecurity. Perhaps that shouldn't be surprising: the stakes in…
  • https://www.zengrc.com/blog/data-governance-for-regulatory-compliance-data-protection/
    The speed of technology advancement has made it easier than ever to share information throughout corporations, and the sheer volume of the data at your…
  • https://www.zengrc.com/blog/how-to-make-business-continuity-and-disaster-recovery-plans/
    Creating a business continuity and disaster recovery plan is a crucial step in developing a robust, mature information security program. Sometimes…
  • https://www.zengrc.com/blog/cost-effective-risk-project-management-methods-to-consider/
    Tackling risk management effectively takes time, energy, and critical thinking about your organization’s processes and goals. While it may feel like a big…
  • https://www.zengrc.com/blog/emerging-risks-facing-the-financial-services-industry-in-2021/
    Emerging risks facing the financial services industry arising from digital transformation require continuous monitoring to ensure security.
  • https://www.zengrc.com/blog/the-role-of-information-security-risk-management-in-healthcare/
    While historically, healthcare risk management strategies revolved around patient safety and reducing medical errors, it’s far more complex today. Beyond…
  • https://www.zengrc.com/blog/what-are-the-elements-of-a-successful-compliance-management-system/
    Achieving a successful compliance management system (CMS) requires two primary elements: sufficient management oversight and a robust compliance program. By…
  • https://www.zengrc.com/blog/get-automatic-compliance-alerts-from-your-cloud-environment/
    Staying on top of compliance requirements can be challenging for many organizations. Prioritize this task by setting automatic compliance alerts from your…
  • https://www.zengrc.com/blog/internal-audit-checklist-for-document-control/
    Centuries ago, when the church bells sounded, oftentimes it wasn't a call for the good town folks to gather for their weekly prayers. Byzantines made…
  • https://www.zengrc.com/blog/internal-control-checklist-for-your-small-business/
    In the 2020 Report on the Nations, the Association of Certified Fraud Examiners (ACFE) estimates that, on average, organizations lose 5% of total revenues to…
  • https://www.zengrc.com/blog/internal-audit-checklist-for-banks/
    Sound corporate governance. Transparency. Accountability to stakeholders. Superior enterprise risk management system. Internal control over financial reporting…
  • https://www.zengrc.com/blog/internal-audit-data-analytics/
    Technology continues to advance at the speed of light. Keeping tabs on the zettabytes of information in a digital data-driven society is akin to exploring…
  • https://www.zengrc.com/blog/objectives-of-internal-control-in-auditing/
    Upon hearing the words "internal audit," does a cold finger of fear slither down your spine? Or perhaps the phrase evokes images of files and…
  • https://www.zengrc.com/blog/what-is-ccpa-data-minimization/
    With enhanced information security becoming increasingly more urgent, privacy protection efforts are ramping up for many industries. One of the more recent…
  • https://www.zengrc.com/blog/how-to-improve-internal-controls/
    Some people enjoy reading self-improvement books. Some are born home improvement gurus. Others are intent on learning ways to improve their company's internal…
  • https://www.zengrc.com/blog/auditing-documentation-control/
    Consumers across the globe have come to expect certain standards of quality, whether it's milk in the refrigerator and the child safety harness in the…
  • https://www.zengrc.com/blog/taking-the-zero-trust-model-into-2021/
    2020 forced companies to reevaluate almost every facet of their business. With budgets put on an indefinite freeze in March, sales teams saw their pipelines…
  • https://www.zengrc.com/blog/coso-objectives-within-soc-2/
    Adapting to the ever-changing business landscape is a bit easier when the standards, guidelines, regulations, and controls adapt at scale. Since the first…
  • https://www.zengrc.com/blog/what-to-consider-when-planning-a-cybersecurity-risk-management-program/
    It’s well-understood that computers, information technology, and the internet are here to stay. As wonderful as the internet may be, however, it would be…
  • https://www.zengrc.com/blog/how-to-determine-risk-appetite/
    Risk appetite can vary wildly depending on the organization: At its core, it represents the amount of risk an organization is willing to take to…
  • https://www.zengrc.com/blog/end-of-year-2020-compliance-certification-roundup/
    Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks. Here’s our January 2020 roundup of…
  • https://www.zengrc.com/blog/understanding-ssae-18-requirements/
    Understanding SSAE 18 requirements means evaluating all the connections between your vendors, just as you would when playing Six Degrees of Kevin Bacon.
  • https://www.zengrc.com/blog/what-is-an-iso-27001-audit/
    The first step in obtaining ISO 27001 certification is an audit of your existing information security management system (ISMS), resulting in an audit report. T…
  • https://www.zengrc.com/blog/vendor-risk-assessment-checklist/
    When your organization enters into a working agreement with a new vendor, it’s important to audit and monitor that vendor through the lifecycle of the…
  • https://www.zengrc.com/blog/vendor-risk-management-checklist/
    Along with creating a solid risk management plan for your organization, the same must be done for your organization’s third-party vendors. Anytime your…
  • https://www.zengrc.com/blog/small-business-guide-to-pci-compliance/
    The Payment Card Industry Data Security Standard (PCI DSS) can be difficult to navigate for even large companies. For a small business owner with limited…
  • https://www.zengrc.com/blog/how-to-comply-with-pci-requirements/
    Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a paramount priority for any company that processes credit card data. Why?…
  • https://www.zengrc.com/blog/user-behavior-analysis-101/
    Everything you need to know on user behavior analysis. Discover why UBA software helps you, how to research UBA software, and how to choose a system.
  • https://www.zengrc.com/blog/what-you-should-know-about-pci-dss-penetration-testing/
    As with everything else PCI DSS, the penetration testing prescriptions give direct objectives to help guide organizations towards compliance.
  • https://www.zengrc.com/blog/why-is-cloud-security-important/
    Cloud computing is an increasingly attractive strategy for companies that need versatile, affordable solutions for data storage and processing. The idea — to…
  • https://www.zengrc.com/blog/zengrc-demonstrates-industry-leadership-with-15-consecutive-quarters-of-recognition-on-g2-winter-2020-grid-report-for-grc-platforms/
    100% of Users Rate ZenGRC Four or Five Stars SAN FRANCISCO – December 16, 2020 – Reciprocity, the company behind ZenGRC, the industry-leading information…
  • https://www.zengrc.com/blog/internal-control-review-process/
    What Is an Internal Control Review Process? Internal control review is a company's process to evaluate the business practices it has designed and implemented…
  • https://www.zengrc.com/blog/developing-a-risk-management-plan-a-step-by-step-guide/
    Whether you’re planning a specific project or overseeing crisis management for the whole organization, you need to be prepared for the chance of something…
  • https://www.zengrc.com/blog/forrester-2021-predictions/
    Accelerating out of the Crisis The COVID-19 pandemic changed how companies do business in fundamental ways. Digital companies, remote workforces, and others…
  • https://www.zengrc.com/blog/pci-rules-for-handling-cvv-data/
    We've talked quite a bit about PCI DSS and PCI compliance recently. Today we want to talk about some of the requirements for storing particular…
  • https://www.zengrc.com/blog/corporate-ethics-and-compliance-management-best-practices/
    Corporate ethics and corporate compliance operate in similar spheres, but with subtle differences. They are frequently paired together, but they are…
  • https://www.zengrc.com/blog/preparing-for-a-pci-dss-audit/
    An audit of your cybersecurity according to the Payment Card Industry Data Security Standard (PCI DSS) is a complicated but necessary procedure for modern…
  • https://www.zengrc.com/blog/what-is-coso-guidance-for-health-care-providers/
    What is COSO Guidance for Health Care Providers? The COSO Internal Control-Integrated Framework: An Implementation Guide for the Healthcare Provider…
  • https://www.zengrc.com/blog/12-steps-to-prepare-for-new-data-privacy-legislation/
    After one of the most difficult economic years in U.S history, businesses are bracing themselves for what challenges 2021 will bring. With a new administration…
  • https://www.zengrc.com/blog/reciprocity-launches-new-channel-partner-program/
    Reseller Program Developed to Meet Increasing Customer Need for GRC as Critical Component of Information Security Programs SAN FRANCISCO – December 3, 2020 –…
  • https://www.zengrc.com/blog/tips-for-vulnerability-management-reporting-reciprocity/
    A vulnerability management program is crucial when analyzing an organization’s security posture and devising a plan to remediate any flaws within its cybersecur…
  • https://www.zengrc.com/blog/december-2020-compliance-certification-roundup/
    Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks. Here’s our December 2020 roundup of…
  • https://www.zengrc.com/blog/meaningful-changes-to-expect-in-pci-4-0/
    The PCI Security Standards Council (PCI SSC) is developing the fourth iteration of its data security standard, commonly known as PCI DSS. This version 4.0…
  • https://www.zengrc.com/blog/pci-dss-project-planning-guidance-tips/
    As businesses mature and expand, their data security responsibilities grow as well. Of particular concern to many organizations is PCI DSS: the Payment Card…
  • https://www.zengrc.com/blog/does-hipaa-apply-to-pharmacies/
    Yes, HIPAA does apply to pharmacies. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, aims to protect the privacy of personal health…
  • https://www.zengrc.com/blog/responding-to-ccpa-requests/
    Responding to consumer requests for personal information filed under the California Consumer Privacy Act (CCPA) may seem overwhelming at first. The CCPA was…
  • https://www.zengrc.com/blog/what-is-a-coso-internal-control-questionnaire/
    A COSO internal control questionnaire is a document auditors use to help determine an organization's compliance with internal control system requirements…
  • https://www.zengrc.com/blog/difference-between-gdpr-and-iso-27001/
    Many countries around the world have begun to pass legislation that regulates how businesses can collect and use consumer data, and that imposes certain…
  • https://www.zengrc.com/blog/why-is-the-reporting-of-control-procedures-required/
    Section 404 of the Sarbanes-Oxley Act (SOX), a federal law enacted in 2002, requires every public company to report its internal control procedures for the…
  • https://www.zengrc.com/blog/vendor-offboarding-checklist-for-compliance/
    Every vendor relationship your company strikes allows your business to save money and exploit new opportunities more efficiently. What’s more, every vendor…
  • https://www.zengrc.com/blog/how-to-implement-a-vulnerability-management-process/
    Software solves many problems and improves many processes, but the code software depends on is never perfect. That fact of life leaves your software and…
  • https://www.zengrc.com/blog/november-2020-compliance-certification-roundup/
    Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks. Here's our November 2020 roundup of…
  • https://www.zengrc.com/blog/ken-lynch-for-forbes-use-these-six-agile-principles-to-manage-it-risk-right-now/
    This article first appeared on Forbes.com Jul 22, 2020, 01:44pm EDT  During the past four months, the business world has woken up again to the reality…
  • https://www.zengrc.com/blog/reciprocity-introduces-new-zengrc-risk-insight-capabilities/
    Provides Deep Insights to Help Manage Risk Posture and Increase Overall Security SAN FRANCISCO – October 22, 2020 – Reciprocity, the company behind ZenGRC…
  • https://www.zengrc.com/blog/internal-control-review-vs-audit/
    An internal control review is an overall assessment of your internal control system throughout all your business units to determine if it's working as intended…
  • https://www.zengrc.com/blog/reciprocitys-zengrc-wins-2020-cybersecurity-breakthrough-award/
    Innovative infosec risk and compliance platform recognized as compliance software solution of the year SAN FRANCISCO – October 14, 2020 – Reciprocity, the…
  • https://www.zengrc.com/blog/october-2020-compliance-certification-roundup/
    October 2020: Compliance Certification Roundup. Each month, Reciprocity highlights companies that have earned compliance certifications for information security…
  • https://www.zengrc.com/blog/why-vulnerability-management-is-important/
    We are all vulnerable, and becoming more so, it seems. Data breaches and system disruptions due to cyberattacks just keep rising, year after year. Finding…
  • https://www.zengrc.com/blog/pci-dss-risk-assessment-guidelines/
    The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for companies that handle credit and debit cards from the major…
  • https://www.zengrc.com/blog/what-is-a-pci-network-vulnerability-scan/
    A PCI network vulnerability scan is an automated, high-level test that finds and reports potential vulnerabilities in an organization's network. Regardless of…
  • https://www.zengrc.com/blog/zengrc-confirms-industry-leadership-with-three-badges-on-g2-fall-2020-grid-report-for-grc-platforms/
    Designated Leader, Momentum Leader, and Users Love Us SAN FRANCISCO – September 23, 2020 – Reciprocity, the company behind ZenGRC, the industry-leading…
  • https://www.zengrc.com/blog/automate-evidence-gathering-with-vulnerability-management-integration/
    Evidence gathering for vulnerability management programs has historically been made up of many manual tasks. Different individuals from separate teams…
  • https://www.zengrc.com/blog/september-2020-compliance-certification-roundup/
    Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks. Here’s our September 2020 roundup of…
  • https://www.zengrc.com/blog/what-is-a-healthcare-data-breach/
    A healthcare data breach is any disclosure of data that might compromise the privacy of patients' protected health information. Breaches of patient health data…
  • https://www.zengrc.com/blog/improve-workflow-collaboration-with-slack-integration-for-zengrc/
    Not long ago, we'd say "slack" to describe not working, as in "slacking on the job." With the advent of the Slack app, though, the…
  • https://www.zengrc.com/blog/iso-27001-firewall-security-audit-checklist/
    Because of additional regulations and standards pertaining to information security, including Payment Card Industry Data Security Standard (PCI-DSS), the…
  • https://www.zengrc.com/blog/what-is-a-pci-dss-risk-assessment/
    A PCI DSS risk assessment is a formal process that companies use to identify threats and vulnerabilities that could have a negative effect on the…
  • https://www.zengrc.com/blog/reciprocity-named-a-challenger-in-the-gartner-2020-magic-quadrant-for-it-risk-management/
    Reciprocity evaluated based on ability to execute and completeness of vision SAN FRANCISCO - August 20, 2020 - Reciprocity, the company behind the industry-lead…
  • https://www.zengrc.com/blog/august-2020-compliance-certification-roundup/
    Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks. Here’s our August 2020…
  • https://www.zengrc.com/blog/iso-audit-tips/
    During an internal International Organization for Standardization (ISO) audit, your company assesses its quality management system (QMS) to determine if it…
  • https://www.zengrc.com/blog/the-importance-of-iso-certification-in-manufacturing/
    For organizations that manufacture any type of product, overall quality and customer satisfaction are extremely critical. This is particularly important for…
  • https://www.zengrc.com/blog/compliance-overview-for-the-cybersecurity-maturity-model-certification/
    Cybersecurity Maturity Model Certification, drafted by the Department of Defense (DoD), is a new standard set to enhance supply chain security and...
  • https://www.zengrc.com/blog/what-is-a-security-risk-analysis/
    The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a security…
  • https://www.zengrc.com/blog/what-is-an-iso-27001-gap-analysis/
    An ISO 27001 gap analysis allows companies to compare their current information security systems to the requirements of the ISO 27001 standard, giving them an…
  • https://www.zengrc.com/blog/how-much-does-a-pci-audit-cost/
    An audit to determine your organization’s compliance with the Payment Card Industry Data Security Standard (PCI DSS) can cost $15,000 to $40,000, depending on…
  • https://www.zengrc.com/blog/network-security-audit-checklist/
    A network security audit is an audit of all your network systems to make sure that potential security risks are eliminated or minimized.
  • https://www.zengrc.com/blog/reciprocity-experiences-rapid-growth-despite-global-technology-spending-slowdown/
    ZenGRC Customer Base and Solution Usage See Exponential Growth in the Face of Pandemic-Related Budget Cuts SAN FRANCISCO - July 29, 2020 - Reciprocity, the…
  • https://www.zengrc.com/blog/what-is-a-pci-risk-mitigation-and-migration-plan/
    A PCI DSS risk mitigation and migration plan is a document prepared by an organization that details its plans for migrating to a secure cryptographic…
  • https://www.zengrc.com/blog/what-is-security-awareness-training/
    Security awareness training is an education process that teaches an organization’s workforce about information technology (IT) best practices, cybersecurity…
  • https://www.zengrc.com/blog/what-is-internal-control-review/
    An internal control review is an overall assessment of an organization's internal control system across each business area to determine if it's functioning as…
  • https://www.zengrc.com/blog/what-are-the-coso-control-objectives/
    COSO framework objectives are divided into three distinct disciplines: operations, reporting, and compliance. The goal behind internal control systems...
  • https://www.zengrc.com/blog/what-is-a-cmmc-audit/
    The Cybersecurity Maturity Model Certification (CMMC) is a mandatory Department of Defense (DoD) initiative for contractors. Led by the Office of the Assistant…
  • https://www.zengrc.com/blog/what-is-the-cmmc-framework/
    The Cybersecurity Maturity Model Certification (CMMC) is a mandatory initiative by the U.S. Department of Defense (DoD). The CMMC is a framework and standard…
  • https://www.zengrc.com/blog/zengrc-named-leader-and-gold-medalist-in-the-info-tech-softwarereviews-awards/
    Survey Finds ZenGRC Very Highly Ranked by Users For Quality of Features and Training, and Ease of Customization and Implementation SAN FRANCISCO - July 14…
  • https://www.zengrc.com/blog/pci-audit-interview-questions/
    PCI assessors bring their own unique blend of methods to perform an audit. Firms should be more than happy to walk through the way they perform an audit.
  • https://www.zengrc.com/blog/july-2020-compliance-certification-roundup/
    Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our July 2020 roundup of…
  • https://www.zengrc.com/blog/what-is-an-internal-control-framework/
    In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a flexible framework for designing, implementing, and evaluating…
  • https://www.zengrc.com/blog/what-is-the-segregation-of-duties-as-it-relates-to-controls/
    Segregation of duties (also known as separation of duties) is a key concept of internal controls that aims to prevent fraud and errors. The main concept…
  • https://www.zengrc.com/blog/top-strategies-for-digital-risk-protection/
    Would you leave your business doors open and unlocked when no one is there? Of course not. So why would any organization with a digital…
  • https://www.zengrc.com/blog/zengrc-extends-leadership-momentum-with-three-badges-on-g2-summer-2020-grid-report-for-grc-platforms/
    Recognized as Leader, Momentum Leader, Users Love Us, and Easiest To Do Business With SAN FRANCISCO – June 25, 2020 – Reciprocity, the company behind ZenGRC,…
  • https://www.zengrc.com/blog/what-is-hybrid-cloud/
    Hybrid cloud uses a combination of two or more clouds using on-premises, private cloud, and third-party, public cloud services, such as Amazon Web Services…
  • https://www.zengrc.com/blog/what-is-nist-800-46/
    Today, many employees choose to telework, also known as telecommuting. Although telework is an important option for employees, it also brings some cybersecurity…
  • https://www.zengrc.com/blog/what-are-the-cmmc-levels/
    The Cybersecurity Maturity Model Certification (CMMC) framework consists of maturity processes and cybersecurity best practices from multiple cybersecurity…
  • https://www.zengrc.com/blog/how-to-adjust-business-continuity-plans-for-covid-19/
    Business continuity planning entails drawing up contingency plans for continuing business operations and essential services in the event of emergency
  • https://www.zengrc.com/blog/reciprocitys-zengrc-wins-2020-fortress-cyber-security-award/
    SAN FRANCISCO – June 16, 2020 – Reciprocity, the company behind ZenGRC, the industry-leading information security risk and compliance solution, today announced…
  • https://www.zengrc.com/blog/june-2020-compliance-certification-roundup/
    Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks. Here's our June 2020 roundup of…
  • https://www.zengrc.com/blog/how-the-coso-framework-helps-you-comply-with-sox/
    COSO framework allows your directors and leadership to exercise judgment in designing, implementing, and adhering to the internal controls that are appro...
  • https://www.zengrc.com/blog/5-strategies-to-mitigate-business-risk-during-coronavirus/
    Business risk in the United States may be higher during the novel coronavirus pandemic than at any time in our generation, making risk management a…
  • https://www.zengrc.com/blog/cybersecurity-hygiene-best-practices-during-covid-19-and-beyond/
    Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) on April 8 issued a joint warning...
  • https://www.zengrc.com/blog/may-2020-compliance-certification-roundup/
    Beginning this month, ZenGRC will highlight companies that have earned compliance certifications for information security frameworks. Here's our May 2020…
  • https://www.zengrc.com/blog/covid-19-importance-of-ethical-leadership-during-a-crisis/
    COVID-19 pandemic, it’s happening at breakneck speed. Your employees and business partners need to know now, more than ever before, that they can trust...
  • https://www.zengrc.com/blog/reciprocity-announces-zengrc-connector-for-servicenow/
    Customers Benefit from Tight Sync, Seamless Communication and Plug-and-Play Integration Between Popular Cloud-Based Solutions SAN FRANCISCO – May 20, 2020 –…
  • https://www.zengrc.com/blog/covid-19-user-access-management-best-practices/
    As cybercriminals step up their efforts during the COVID-19 crisis to infiltrate your information systems, identity and access management (IAM)…
  • https://www.zengrc.com/blog/what-is-compliance-oversight/
    Compliance oversight is proactive: it regularly monitors and evaluates the organization's CMS against the emerging regulatory landscape.
  • https://www.zengrc.com/blog/risk-assessment-checklist/
    The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. …
  • https://www.zengrc.com/blog/risk-management-process/
    The risk management process aims to minimize the negative effects of unfortunate events on a project, program, or business or to prevent those events from...
  • https://www.zengrc.com/blog/coronavirus-themed-cyberattacks-to-watch-out-for/
    Coronavirus isn’t the only plague affecting businesses. Cyberattacks are spreading, too, as malicious actors take advantage of interest in COVID-19 news...
  • https://www.zengrc.com/blog/7-pandemic-risk-management-tips-to-implement-now/
    Risk Management right now can feel, to these organizations, like a frantic game of whack-a-mole: mitigate one risk, and another pops up.
  • https://www.zengrc.com/blog/the-difference-between-vulnerability-assessment-and-vulnerability-management/
    A vulnerability assessment and vulnerability management program can help your organization effectively deal with cybersecurity vulnerabilities.
  • https://www.zengrc.com/blog/what-compliance-lessons-can-we-learn-from-past-pandemics/
    Pandemics in the past 100 years—several influenza pandemics including swine flu (H1N1) and Avian, or bird, flu, and HIV/AIDS—as well as an economic...
  • https://www.zengrc.com/blog/what-is-a-third-party-under-ccpa/
    The California Consumer Privacy Act (CCPA), which went into effect January 1, 2020, took a different approach to how it defines a third party. The…
  • https://www.zengrc.com/blog/fcpa-compliance-checklist/
    An FCPA compliance program checklist outlines the things an American company needs to check when it wants to do business in a foreign country to ensure...
  • https://www.zengrc.com/blog/what-is-cybersecurity-maturity-model-certification-cmmc/
    The Cybersecurity Maturity Model Certification (CMMC), created by the Department of Defense (DoD), is a new standard that leverages the National Institute of…
  • https://www.zengrc.com/blog/what-is-a-dynamic-risk-assessment/
    A Dynamic Risk Assessment (DRA) is a continuous process used in decision making to assess and analyze a work environment in real-time with the goal…
  • https://www.zengrc.com/blog/what-is-nist-special-publication-800-37-revision-2/
    See how NIST SP 800-37 r2 guides security and privacy planning for information systems, with real-time monitoring and clear control selection.
  • https://www.zengrc.com/blog/what-is-a-cmmc-assessment/
    The Cybersecurity Maturity Model Certification (CMMC) assessment is a mandatory component for organizations and Department of Defense contractors bidding on a…
  • https://www.zengrc.com/blog/reciprocity-expands-executive-leadership-team-with-new-coo-vice-president-of-product/
    Enterprise and Cloud Software Veterans to Drive Customer Success, Sales, Marketing and Product for Information Security Risk and Compliance Leader SAN…
  • https://www.zengrc.com/blog/what-are-the-pci-dss-security-audit-procedures/
    PCI DSS Audit Procedures are designed for use by a qualified security assessor (QSA) conducting an audit on merchants or service providers that are req...
  • https://www.zengrc.com/blog/pros-and-cons-of-the-fair-framework/
    The FAIR framework is a risk management framework championed by The Open Group that enables organizations to analyze, measure, and understand risk.
  • https://www.zengrc.com/blog/zengrc-solidifies-leadership-position-with-five-badges-on-g2-spring-2020-grid-report-for-grc-platforms/
    Honored as Leader, Easiest To Do Business With, Fastest Implementation, Momentum Leader, and Users Love Us SAN FRANCISCO – March 25, 2020 – Reciprocity, the…
  • https://www.zengrc.com/blog/what-are-sox-compliance-requirements/
    SOX compliance is helping organizations verify that there are adequate controls protecting financial data and required for public entities and private en...
  • https://www.zengrc.com/blog/covid-19-response-and-preparedness-through-the-lens-of-risk-management/
    Responding to a New, Global Threat The old adage warns “An ounce of prevention is worth a pound of cure.” The saying becomes even more pointed…
  • https://www.zengrc.com/blog/what-are-pipeline-security-guidelines/
    The Department of Homeland Security’s (DHS) Transportation Security Administration’s (TSA) Pipeline Security Guidelines is a set of voluntary guidelines for…
  • https://www.zengrc.com/blog/reciprocitys-response-to-covid-19/
    With the recent global pandemic of COVID-19, Reciprocity is taking appropriate actions to continue business and platform operations maintaining our uptime SLA…
  • https://www.zengrc.com/blog/business-continuity-checklist-for-planning-and-implementation/
    Having a comprehensive business continuity plan (BCP) in place will help ensure that your business doesn't suffer any downtime in the event of a disaster,…
  • https://www.zengrc.com/blog/how-effective-vendor-risk-management-can-drive-your-business-forward/
    Whether you're adding a point-of-sales system or incorporating cloud service providers into your business operations, you're continually adding new vendors to…
  • https://www.zengrc.com/blog/how-to-manage-technological-risks/
    In all sectors, technology has become a vital aspect of operations and has transformed the workplace, but that dependence on technologies also poses a threat…
  • https://www.zengrc.com/blog/what-is-the-primary-objective-of-data-security-controls/
    Effective information security management requires understanding the primary concepts and principles including protection mechanisms, change control/management…
  • https://www.zengrc.com/blog/how-is-cobit-related-to-risk-management/
    COBIT is a framework developed by the Information Systems Audit and Control Association that can help you create and implement strategies around IT...
  • https://www.zengrc.com/blog/inherent-risk-in-the-retail-industry-what-you-should-know/
    The retail industry is undergoing an incredible transformation as emerging technologies, omnichannel shopping, as well as digital and social media, compe
  • https://www.zengrc.com/blog/understanding-the-consequences-of-failing-pci-compliance/
    PCI Compliance: What happens when an organization doesn't follow the rules as they should or they suffer a data breach because of negligence?
  • https://www.zengrc.com/blog/what-are-nist-data-center-security-standards/
    The National Institute of Standards and Technology (NIST), a non-regulatory government agency that belongs to the U.S. Department of Commerce, is responsible…
  • https://www.zengrc.com/blog/what-is-the-vendor-security-alliance-questionnaire/
    The Vendor Security Alliance (VSA), a coalition of companies committed to improving Internet security, created the Vendor Security Alliance questionnaire to…
  • https://www.zengrc.com/blog/what-is-nist-privileged-access-management/
    Privileged access management (PAM) encompasses the cybersecurity strategies and technologies necessary to secure, monitor, and control privileged access…
  • https://www.zengrc.com/blog/what-is-holistic-risk-management/
    Holistic Risk Management (HRM) is the practice of an organization understanding its risk at a deep level, how risk components fit together, and how grouping…
  • https://www.zengrc.com/blog/10-best-practices-and-3-core-strategies-for-maintaining-pci-dss-compliance/
    Achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) is difficult, requiring as much as a year's work or even…
  • https://www.zengrc.com/blog/the-best-ways-to-maintain-pci-compliance/
    The importance of ongoing vulnerability management cannot be overstated in an organization looking to maintain PCI compliance.
  • https://www.zengrc.com/blog/reciprocity-and-zengrc-honored-as-winner-of-four-cyber-defense-magazine-infosec-awards/
    Recognized for Compliance, Risk Management, IT Vendor Risk Management, and Third Party Risk Management SAN FRANCISCO – February 24, 2020 – Reciprocity, the…
  • https://www.zengrc.com/blog/media-advisory-zengrc-at-the-rsa-conference/
    Media Advisory SAN FRANCISCO – February 13, 2020 – Reciprocity, the company behind ZenGRC, the industry-leading information security risk and compliance…
  • https://www.zengrc.com/blog/ccpa-exemptions-the-california-consumer-privacy-act-and-the-gramm-leach-bliley-act/
    A change is coming for privacy protection. Are you ready? For the past twenty years, most financial services businesses fell under the requirements of…
  • https://www.zengrc.com/blog/what-is-ccpa-private-right-of-action/
    The private right of action provision of the California Consumer Privacy Act (CCPA) is one of the penalties stipulated for non-compliance with the law. It…
  • https://www.zengrc.com/blog/the-debut-of-advanced-zengrc-risk-management/
    Written by: Scott Nash, VP of Product ZenGRC’s mission is to connect the people, processes, and technologies critical to our customers' information security…
  • https://www.zengrc.com/blog/reciprocity-debuts-advanced-zengrc-risk-management/
    Provides Powerful Risk Management and Deep Insights Across Enterprise Risk Areas, Business and Information Security Applications, and Third-Party Vendors SAN…
  • https://www.zengrc.com/blog/what-is-the-gartner-magic-quadrant-for-integrated-risk-management/
    The Gartner Magic Quadrant for Integrated Risk Management (IRM) evaluates software vendors that provide IRM solutions for various use cases. The 2019 Gartner…
  • https://www.zengrc.com/blog/what-is-risk-identification/
    Risk identification is the first step in risk assessment or risk analysis, and a critical part of the risk management process. "You can't manage what you…
  • https://www.zengrc.com/blog/zengrc-looking-back-at-2019/
    We had tremendous growth and accomplishments together in 2019. Thank you for a remarkable year! We look forward to continuing to provide our customers the…
  • https://www.zengrc.com/blog/top5-predictions-for-infosec-grc-in-2020/
    January 1 ushers in a new year, a new decade, and new challenges—as well as new dimensions and re-ordering of existing challenges. ZenGRC’s Team of…
  • https://www.zengrc.com/blog/how-much-does-it-cost-to-become-pci-compliant/
    How much does it cost to become compliant with the Payment Card Industry Data Security Standard (PCI DSS)? It is challenging to put a number…
  • https://www.zengrc.com/blog/top-risk-management-issues-facing-higher-education/
    Institutions of higher education (IHEs) are besieged by risk, especially cybersecurity and information security risk. Risk management for these institutions is…
  • https://www.zengrc.com/blog/reciprocity-unveils-new-grc-software-package-featuring-advanced-capabilities-and-functionality/
    SAN FRANCISCO Dec. 17, 2019 /PRNewswire/ -- Reciprocity, the company behind ZenGRC, the industry-leading information security risk and compliance solution…
  • https://www.zengrc.com/blog/hipaa-and-social-media-what-you-need-to-know/
    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law before the rollout of major social media sites such as Facebook,…
  • https://www.zengrc.com/blog/what-is-sb-561-for-ccpa/
    On May 16, 2019, the California Senate Appropriations Committee blocked Senate Bill 561, legislation that would have expanded a private right of action under…
  • https://www.zengrc.com/blog/what-is-the-difference-between-hipaa-and-ferpa/
    HIPAA and FERPA are both federal laws designed to protect the privacy and security of individuals. The Health Insurance Portability and Accountability Act of…
  • https://www.zengrc.com/blog/what-is-risk-management-in-manufacturing/
    Risk management in manufacturing refers to the unique challenges that the manufacturing industry faces in managing risks. Cybersecurity risks can be especially…
  • https://www.zengrc.com/blog/pci-certification-vs-compliance-what-is-the-difference/
    Organizations are often left wondering what is the difference between a certification granted by representatives of the Payment Card Industry (PCI) and that of…
  • https://www.zengrc.com/blog/what-are-the-hitrust-maturity-levels/
    The Health Information Trust Alliance (HITRUST) is the group that developed and maintains the Common Security Framework (CSF), a certifiable security framework…
  • https://www.zengrc.com/blog/what-is-cloud-security-control/
    Cloud security control is a set of security controls that protects cloud environments against vulnerabilities and reduces the effects of malicious attacks. A…
  • https://www.zengrc.com/blog/what-is-a-pci-compliance-audit/
    The Payment Card Industry Data Security Standard (PCI DSS) was designed to protect cardholder data. The PCI DSS requirements to become PCI compliant are well…
  • https://www.zengrc.com/blog/what-is-considered-a-hipaa-breach/
    A HIPAA Breach is “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information,”…
  • https://www.zengrc.com/blog/what-are-the-nist-special-publications/
    The National Institute of Standards and Technology Special Publications (NIST SP) primarily comprise recommendations and best practices for information…
  • https://www.zengrc.com/blog/what-is-hotel-risk-management/
    Hotel risk management entails identifying, evaluating, prioritizing, and controlling risks to enterprises in the hotel industry. Hotel management faces several…
  • https://www.zengrc.com/blog/what-is-a-hitrust-audit/
    A HITRUST assessment, or audit, helps healthcare organizations gauge their compliance with the Health Information Trust Alliance Common Security Framework…
  • https://www.zengrc.com/blog/what-is-information-security/
    Information security refers to the securing of digital information from unauthorized access, alteration, theft, and use. Information security is often…
  • https://www.zengrc.com/blog/key-takeaways-from-the-ccpa-audit-webinar-with-dr-maxine-henry/
    Dr. Maxine Henry, one of ZenGRC's renowned GRC experts, led a webinar on the California Consumer Privacy Act (CCPA). This sweeping legislation creates data…
  • https://www.zengrc.com/blog/california-confidentiality-of-medical-information-act-vs-hipaa/
    Patient health information is governed by robust rules that determine how this data is handled, stored, and accessed. Federal laws, such as the Health…
  • https://www.zengrc.com/blog/what-are-information-security-threats/
    Information security threats are actions or tools that cybercriminals use to cause data breaches of information systems. Their intent is usually data theft…
  • https://www.zengrc.com/blog/how-to-maintain-iso-9001-certification/
    It's not easy for an organization to implement the International Organization for Standardization (ISO) 9001 and obtain an ISO certification for the standard…
  • https://www.zengrc.com/blog/what-is-the-nist-csf/
    NIST CSF stands for the National Institute of Standards and Technology Cybersecurity Framework. The NIST CSF consists of best practices, standards, and…
  • https://www.zengrc.com/blog/sox-management-review-controls/
    The Sarbanes-Oxley Act of 2002 (SOX) designates management review controls (MRCs) as one of the required internal controls. MRCs are the reviews of key…
  • https://www.zengrc.com/blog/who-does-the-fcpa-apply-to/
    The Foreign Corrupt Practices Act’s (FCPA) anti-bribery provisions apply to: “Domestic concerns,” i.e., all companies incorporated in the United States, …
  • https://www.zengrc.com/blog/is-aws-hitrust-certified/
    Currently, the Health Information Trust Alliance Common Security Framework (HITRUST CSF) certifies 64 Amazon Web Services (AWS) services. These HITRUST-certifie…
  • https://www.zengrc.com/blog/does-my-business-qualify-for-one-of-the-ccpas-exceptions/
    FAQ: Does My Business Qualify for One of the CCPA’s Exceptions? Not every business must comply with the California Consumer Privacy Act (CCPA): It only seems…
  • https://www.zengrc.com/blog/what-is-cybersecurity/
    Cybersecurity is the process of protecting computer systems, networks, devices, and sensitive data from cyberattacks, data breaches, and unauthorized access…
  • https://www.zengrc.com/blog/what-are-the-hipaa-laws/
    The Health Insurance Portability and Accountability Act (HIPAA) enables the Secretary of the U.S. Department of Health and Human Services (HHS) to create and…
  • https://www.zengrc.com/blog/reciprocity-launches-first-of-its-kind-integrated-grc-platform/
    SAN FRANCISCO, Aug. 27, 2019 - Reciprocity, the provider of the leading information security risk and compliance solution, ZenGRC, today announced a first-of-its-ki…
  • https://www.zengrc.com/blog/introducing-zenconnect-for-zengrc/
    ZenGRC + ZenConnect is the first and only integrated GRC solution that fosters a continuous flow of information between the systems, applications and peo...
  • https://www.zengrc.com/blog/preparing-for-an-iso-27001-and-27002-audit/
    Getting your certification for ISO 27001 is a complex and time-consuming endeavor. But for many organizations, it’s worth the effort. That’s because ISO…
  • https://www.zengrc.com/blog/what-are-fedramp-levels/
    The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that ensures that the proper level of information security is in place…
  • https://www.zengrc.com/blog/what-is-personal-data-under-gdpr/
    What is personal data under GDPR? Article 4 of the European Union General Data Protection Regulation (GDPR) defines personal data as: “Information relating to…
  • https://www.zengrc.com/blog/which-pci-saq-do-i-need/
    Which PCI SAQ Do I Need? Which of the nine Payment Card Industry Data Security Standard (PCI DSS) Self-Assessment Questionnaires (SAQs) your organization needs…
  • https://www.zengrc.com/blog/how-to-become-pci-dss-certified/
    How to Become PCI DSS Certified The short answer to the question of achieving PCI DSS certification is: you can’t. There is no certificate attesting to…
  • https://www.zengrc.com/blog/pci-dss-testing-controls-and-gathering-evidence/
    Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is not easy to achieve. Quite the opposite, in fact: A 2017 Verizon report…
  • https://www.zengrc.com/blog/what-is-a-pci-audit/
    What is a PCI Audit? A PCI audit examines the security of your organization’s credit-card processing system from beginning to end. During this process, a…
  • https://www.zengrc.com/blog/how-to-minimize-the-scope-of-your-pci-dss-audit/
    Compliance with the Payment Card Industry Data Security Standard (PCI DSS) and its 281 directives can be a time-consuming hassle. Fortunately, there are ways…
  • https://www.zengrc.com/blog/what-is-pci-compliance-level-4/
    PCI Compliance Level 4 is the lowest level of compliance under the Payment Card Industry Data Security Standard (PCI DSS). Level 4 applies to merchants…
  • https://www.zengrc.com/blog/sox-compliance-and-private-companies-2/
    The Sarbanes-Oxley Act is a U.S. federal law; all public companies doing business in the United States must comply with the regulation. SOX compliance…
  • https://www.zengrc.com/blog/cobit-vs-itil/
    COBIT versus ITIL: Many organizations are looking at COBIT and ITIL as different IT framework services and trying to decide which one is best for…
  • https://www.zengrc.com/blog/internal-audit-checklist-for-your-manufacturing-company/
    The manufacturing industry faces increasing scrutiny from regulatory agencies which means it needs to create an appropriate cybersecurity audit program.
  • https://www.zengrc.com/blog/what-are-internal-control-weaknesses/
    Continuous monitoring for internal control weaknesses enables a stronger cybersecurity compliance program and enables rapid response to emerging threats.
  • https://www.zengrc.com/blog/what-you-need-to-know-about-californias-new-data-protection-law/
    To comply with the CCPA and limit liability, businesses need to understand the requirements and their overarching data privacy implications.
  • https://www.zengrc.com/blog/workflow-automation-for-compliance/
    Workflow automation for compliance not only eases the compliance manager's job but it also strengthens the compliance program.
  • https://www.zengrc.com/blog/how-to-audit-governance/
    To audit governance over a cybersecurity program, companies need to document stakeholder communications to show that all parties have the needed information.
  • https://www.zengrc.com/blog/the-responsibilities-of-a-compliance-manager/
    The responsibilities of a compliance manager require managing multiple regulations and standards, documenting activities, and communicating.
  • https://www.zengrc.com/blog/how-to-build-a-compliance-program/
    Organizations looking to build a compliance program need to find a way to ensure governance and two-way communication for easing audit burdens.
  • https://www.zengrc.com/blog/audit-performance-metrics-measuring-internal-audit-performance/
    These five audit performance metrics can help increase cybersecurity internal audit value and lower external IT audit costs.
  • https://www.zengrc.com/blog/how-to-improve-compliance-in-a-company/
    When looking to improve compliance in a company, taking these seven steps can help better secure data and lead to stronger internal controls.
  • https://www.zengrc.com/blog/what-is-vendor-risk-management-2/
    As more organizations incorporate third-party service providers to increase business performance, vendor risk management (VRM) has become more important. IT…
  • https://www.zengrc.com/blog/what-is-the-difference-between-hipaa-and-hitrust/
    The Health Insurance Portability and Accountability Act (HIPAA) establishes a set of security controls that govern information security in the healthcare…
  • https://www.zengrc.com/blog/what-is-ssae-18/
    Defined loosely as an engagement to issue an examination, review, or procedures report on a subject matter, an attest engagement encompasses more review than…
  • https://www.zengrc.com/blog/what-is-hitrust-csf/
    The non-profit, privately held company consisting of healthcare, technology, and information security leaders, Health Information Trust Alliance (HITRUST)…
  • https://www.zengrc.com/blog/what-is-an-ssae-18-report/
    As part of Service Organization Controls (SOC) reporting, organizations need to engage in the audit process. The SSAE 18 audit standard, superseding the SSAE…
  • https://www.zengrc.com/blog/what-are-the-iso-standards/
    In 1946, representatives from 25 countries gathered to discuss formalizing industrial standards to govern emerging technologies. On 23 February 1947, the…
  • https://www.zengrc.com/blog/ssae-18-changes/
    Service Organization Controls (SOC) reports must meet the requirements set forth by the “Statements on Standards for Attestation Engagements” as part of their…
  • https://www.zengrc.com/blog/big-data-in-auditing-and-analytics/
    As organizations seek to evolve their risk management strategies to drive stronger compliance programs, they increasingly seek to automate their…
  • https://www.zengrc.com/blog/higher-education-security-breaches-to-learn-from/
    Higher education finds itself facing a threat to its financial security even larger than student retention - data breaches. As colleges and universities begin…
  • https://www.zengrc.com/blog/student-data-privacy-laws-by-state/
    Most educators know about the federal student data privacy laws such as the Family Educational Rights and Privacy Act (FERPA) administered by the US Department…
  • https://www.zengrc.com/blog/understanding-the-california-privacy-law-requirements/
    Poised as the US version of the GDPR, the California Consumer Privacy Act (CCPA) focuses on consumer control over data to protect users from data breaches.
  • https://www.zengrc.com/blog/understanding-the-types-of-risk-in-the-oil-gas-industry/
    The unique cybersecurity risks facing the oil and gas industry involve focusing on Internet of Things, operational technology, and information technology.
  • https://www.zengrc.com/blog/what-is-hitrust-pay/
    Business associates offering healthcare organizations payment processing can use HITRUST certification to ensure payer security controls.
  • https://www.zengrc.com/blog/understanding-risk-assessment-in-the-manufacturing-industry/
    A cybersecurity risk assessment in the manufacturing industry needs to focus on Supervisory Control and Data Acquisition (SCADA) systems.
  • https://www.zengrc.com/blog/what-does-a-compliance-manager-do/
    Your compliance manager does more than run through checklists. She also ensures that your company's policies, procedures, and processes maintain effective controls and that your employees comply with these internal documents.
  • https://www.zengrc.com/blog/what-are-the-5-components-of-the-coso-framework/
    The 5 components of the COSO Framework enable variability and flexibility, allowing organizations of all sizes to create embedded enterprise risk management programs.
  • https://www.zengrc.com/blog/how-to-get-compliant-and-stay-agile/
    Using a security-first approach to cybersecurity allows you to leverage the principles of agile to get compliant and protect your data environment.
  • https://www.zengrc.com/blog/gdpr-requirements-for-cookie-policies/
    Creating a GDPR and ePrivacy Directive compliant cookies policy and notification requires understanding what cookies are and how you're using them.
  • https://www.zengrc.com/blog/how-to-ensure-compliance-with-policies/
    Actions speak louder than words. Learn why and how employee compliance with corporate policies matters and read our five steps to establishing team member accountability.
  • https://www.zengrc.com/blog/ebook-compliance-management-best-practices/
    Compliance management best practices require cross-departmental teams who can communicate effectively to mitigate risk and continuously monitor cybersecurity controls.
  • https://www.zengrc.com/blog/ebook-pci-dss-guide-to-scoping/
    ZenGRC's PCI DSS scope guide offers you a walkthrough to determining which system components are within your cardholder data environment.
  • https://www.zengrc.com/blog/risk-appetite-vs-risk-tolerance/
    By determining your risk appetite (the types and amounts of risk you will accept) and your risk tolerance (the acceptable variation in those risks), you can create a risk appetite statement to drive strategic decisions.
  • https://www.zengrc.com/blog/a-compliance-tracking-tool-roadmap/
    Creating a compliance tracking tool roadmap is like planning a cross-country trip, complete with the need for research and a management system.
  • https://www.zengrc.com/blog/understanding-the-hitrust-certification-process/
    HITRUST certification enables a more robust HIPAA compliance posture by engaging in a risk-based review and offering prescriptive controls to mitigate risks.
  • https://www.zengrc.com/blog/grc-management-software-buyers-guide/
    What do you need from a GRC solution? Read about the GRC process and then download our Buyers' Guide to decide what solution best enables your compliance efforts.
  • https://www.zengrc.com/blog/what-is-a-risk-management-plan/
    Get a step-by-step look at building a risk management plan, including how to assess risks, define responses, and stay proactive.
  • https://www.zengrc.com/blog/audit-requirements-for-private-companies-in-the-united-states/
    Under Generally Accepted Accounting Principles (GAAP), audit requirements for private companies in the US increasingly need to look at technology and cybersecurity for accurate financial reporting.
  • https://www.zengrc.com/blog/how-to-monitor-compliance/
    If you want to monitor compliance, you need to ensure you have the right resources - human and tech - to protect your business from a data breach.
  • https://www.zengrc.com/blog/what-is-records-management-compliance/
    Records management and compliance have become more integrated with information security as we collect more digital data, making cybersecurity an important step in meeting requirements.
  • https://www.zengrc.com/blog/data-analytics-strategy-for-internal-audit-effectiveness/
    Creating a data analytics strategy for your internal audit program eases communication burdens, creates a task management workflow, and maintains continuous documentation for continuous audit practices.
  • https://www.zengrc.com/blog/guide-to-cobit-best-practices/
    ISACA's COBIT 5 is a business framework for the governance and management of enterprise IT that gives commercial, non-profit, and public sector enterprises a holistic, risk-based approach to data protection.
  • https://www.zengrc.com/blog/how-technology-helps-you-better-manage-compliance/
    Understanding the variety of compliance technology solutions available can help you find the right one to enable your organization.
  • https://www.zengrc.com/blog/workflow-management-tips-for-your-vendor-risk-assessment-process/
    Vendor risk management requires creating a well-organized workflow to respond to threats impacting the data ecosystem.
  • https://www.zengrc.com/blog/how-to-reduce-operational-risk-in-banking/
    The Basel IV Standardised Approach to operational risk capital removes the incentive for risk-sensitivity-based capital modelling, but regulatory requirements for operational risk mitigation aren't going anywhere.
  • https://www.zengrc.com/blog/how-connected-data-is-transforming-risk-management/
    Maintaining a strong cybersecurity stance requires you to create a risk management program that incorporates the changes to information security arising out of the Internet of Things (IoT).
  • https://www.zengrc.com/blog/pci-log-management-requirements-for-cisos/
    PCI audit log management under Requirement 10 seems overwhelming, but these 21 steps (23 for service providers) can make it easier.
  • https://www.zengrc.com/blog/top-issues-facing-compliance-managers-in-the-oil-gas-industry/
    Increasing risks arising out of the Industrial Internet of Things and legacy SCADA systems mean the oil and gas industry must work towards securing its landscape.
  • https://www.zengrc.com/blog/role-of-compliance-officer-in-the-insurance-industry/
    Compliance officers in the insurance industry need resources that streamline their risk management processes to ensure a robust cybersecurity compliance posture.
  • https://www.zengrc.com/blog/how-technology-helps-compliance-managers-keep-costs-down/
    The OCC's Special Purpose National Bank decision means fintech companies and traditional financial services firms can both ease compliance cost burdens with the same technologies, and here's why.
  • https://www.zengrc.com/blog/how-big-data-analysis-helps-compliance-business-leaders-make-better-decisions/
    Big data, predictive analytics, and prescriptive analytics help lock down your IT environment to protect your information from external threats.
  • https://www.zengrc.com/blog/how-vendor-risk-management-can-impact-your-gdpr-compliance/
    Risk exposure is indiscriminate, regardless of the size of the company. Now that GDPR is in full effect, organizations should be engaged in activities…
  • https://www.zengrc.com/blog/a-plan-to-help-you-successfully-manage-your-vendors/
    An effective vendor management plan requires four steps to keep your organization safe from supply chain information security risks.
  • https://www.zengrc.com/blog/whos-really-responsible-for-third-party-vendor-breaches/
    Third-party vendors, suppliers, and partners pose more risks to your reputation and bottom line than ever before. Recent surveys indicate as many as 63…
  • https://www.zengrc.com/blog/pci-compliance-network-segmentation-reciprocity/
    PCI DSS compliance requires a review of all computers and networked systems that process, store, or transmit cardholder data so you can ensure appropriate network segmentation.
  • https://www.zengrc.com/blog/the-most-important-part-of-gdpr-compliance/
    Having the proper policies and procedures in place is key to GDPR compliance. Why? Because policies and procedures are the backbone of your organization, comprising a set of shared standards designed to strengthen and support your organization's success.
  • https://www.zengrc.com/blog/hipaa-violations-in-the-workplace-what-to-do-prevention-reciprocity/
    Employers providing healthcare to their employees or requiring health information as part of disability benefits can violate HIPAA. Here's what you need to know.
  • https://www.zengrc.com/blog/heres-why-iso-certification-is-worth-it/
    ISO certification helps companies promote a customer-focused enterprise risk management program for their information technology systems.
  • https://www.zengrc.com/blog/hipaa-password-requirements-how-to-comply-with-them/
    HIPAA compliance requires strict attention to authentication and password management. NIST Special Publication 800-63B and the HITRUST CSF provide insights.
  • https://www.zengrc.com/blog/what-you-should-know-about-secure-controls-framework-scf/
    Insight on Evolving Practices: Secure Controls Framework (SCF). Hackers share information on attack methods with other hackers, so why shouldn't the good guys…
  • https://www.zengrc.com/blog/a-hipaa-technical-safeguards-risk-assessment-checklist/
    The ONC Security Risk Assessment Tool runs to 205 pages with 156 questions. This checklist helps organizations organize their basic technical safeguard controls.
  • https://www.zengrc.com/blog/what-is-iso-certification-who-needs-it-why/
    ISO 9001, 31000, and 27001 give customers confidence in an organization's quality management, risk management, and information security controls, respectively.
  • https://www.zengrc.com/blog/coso-erm-vs-iso-31000/
    This primer helps organizations trying to ease the burden associated with recent updates to the COSO ERM Framework and the ISO 31000 standard.
  • https://www.zengrc.com/blog/what-are-the-differences-between-cobit-coso/
    COSO and COBIT 5 dovetail to ease IT governance concerns for organizations complying with SOX 404 financial reporting requirements.
  • https://www.zengrc.com/blog/an-automated-approach-to-it-grc-management5403-2/
    An automated approach to IT GRC management enables organizations to streamline the process by closing down communication silos and tracking important information easily.
  • https://www.zengrc.com/blog/an-automated-approach-to-sox-testing/
    An automated approach to SOX testing includes automation of the controls as well as the documentation that the controls are effective.
  • https://www.zengrc.com/blog/heres-what-gdpr-means-for-your-business/
    Most companies doing business with individuals in the EU, even if they have no presence inside the EU, must show compliance with the GDPR by May 25, 2018. If your business collects, processes, or stores personal data about individuals located in the EU, the GDPR almost certainly applies to you.
  • https://www.zengrc.com/blog/why-international-womens-day-matters-to-information-security/
    With women highly underrepresented in the information security environment, Reciprocity looks to focus on the accomplishments of a few women who have led the cybersecurity space.
  • https://www.zengrc.com/blog/security-awareness-training/
    Despite the importance of security awareness training, employees often find themselves disengaged from security practices. Training sessions or webinars…
  • https://www.zengrc.com/blog/tracy-z-maleeff/
    Tracy Z. Maleeff is a Cyber Analyst in a Security Operations Center for a global company and a totally amazing woman in information security.
  • https://www.zengrc.com/blog/what-are-internal-controls-and-why-are-they-so-important/
    What are internal controls and why are they so important? Because they are the Iron Man armor that protects your organization and ensures nonfraudulent financial reporting.
  • https://www.zengrc.com/blog/security-compliance/
    Security and compliance are the Wonder Twins of information security, needing each other for their powers to activate and protect you from threats.
  • https://www.zengrc.com/blog/hipaa-compliance-audits-documentation-hungry-hungry-hipaa/
    HIPAA compliance audits documentation may seem chaotic but with automation, you can organize your documents and easily access needed information.
  • https://www.zengrc.com/blog/emily-crose/
    Emily Crose is a network security professional with a background in Intelligence and surveillance technologies. She is also an advocate for trans…
  • https://www.zengrc.com/blog/meltdown-spectre-and-compliance/
    Meltdown, Spectre, and compliance overlap in significant ways that can help you monitor your organization's information security.
  • https://www.zengrc.com/blog/leah-figueroa/
    Leah Figueroa transitioned from education to information security. Learn more about this knitter and cybersecurity professional in Wednesday's Women in Infosec.
  • https://www.zengrc.com/blog/audit-management-software/
    Audit management software and project management software do similar things, but just like a Ferrari and a Bugatti, they serve different purposes.
  • https://www.zengrc.com/blog/cybersecurity-dangers-repealing-net-neutrality/
    While the increased cost of service has been discussed at length, we want to talk about the cybersecurity dangers of repealing net neutrality.
  • https://www.zengrc.com/blog/meg-layton-wednesdays-women-in-infosec/
    Meg Layton, this month's Wednesday's Women in Infosec profile, is the person you want to beep when the IT apocalypse comes.
  • https://www.zengrc.com/blog/compliance-offers-internal-stakeholder-value/
    Compliance offers internal stakeholders value. Using automation makes it easier to show them how information security is related to compliance.
  • https://www.zengrc.com/blog/risk-management-automation-and-customer-engagement/
    Risk management automation and customer engagement build on one another and lead to better sales and long term profitability for your brand.
  • https://www.zengrc.com/blog/tiphaine-romand-latapie/
    Tiphaine Romand-Latapie creates information security RPGs and now leads a team of hackers at Airbus after having worked at Orange.
  • https://www.zengrc.com/blog/challenges-of-compliance-management/
    The challenges of compliance management are increasing, not decreasing. Use a compliance management tool to help strengthen your cybersecurity stance.
  • https://www.zengrc.com/blog/7-challenges-compliance-manager/
    The challenges of being an IT compliance manager compare to those the American Ninja Warriors face. Read how GRC tools can help you win at compliance.
  • https://www.zengrc.com/blog/cybersecurity-awareness-training-rpg/
    A cybersecurity awareness training RPG helps teach the terms and skills necessary for understanding the different people involved in information security.
  • https://www.zengrc.com/blog/iphone-x-security/
    With the iPhone X and security in the news, organizations must address Face ID, password management, and information security compliance concerns.
  • https://www.zengrc.com/blog/5-compliance-lessons-learned-equifax-breach/
    While news outlets focus on customers, companies need to focus on the compliance lessons learned from the Equifax breach to protect themselves.
  • https://www.zengrc.com/blog/hitrust-framework-helps-hipaa-and-vendor-management/
    The HITRUST Framework helps HIPAA and vendor management problems by creating a prescriptive and scalable way to protect PHI and ensure others do as well.
  • https://www.zengrc.com/blog/compliance-reporting-metrics/
    Compliance reporting metrics offer stakeholders a shared language for assessing compliance. ISO 27004:2016 provides guidelines for quantitative analysis.
  • https://www.zengrc.com/blog/segregation-of-duties-in-it/
    ISO/IEC 27001 requires segregation of duties in IT to be compliant. Audit and automation can help with the separation of functions to achieve compliance.
  • https://www.zengrc.com/blog/christine-bejerasco/
    This month's Wednesday's Women profiles Christine Bejerasco, senior manager and service lead for F-Secure's SAFE PC, who has worked in infosec since 2003.
  • https://www.zengrc.com/blog/defcon-2017-roundup-7-lessons/
    Defcon 2017 roundup: lessons from the 25th annual hacker convention have a lot to teach information security professionals.
  • https://www.zengrc.com/blog/nist-800-53-fedramp/
    NIST 800-53 and FedRAMP act as the peanut butter and jelly of governmental compliance fundamentals. While NIST 800-53 sets out prescriptive controls for data…
  • https://www.zengrc.com/blog/third-party-security-risk-management/
    Third-party security risk requires effective and efficient management. Read how you can achieve that with GRC automation.
  • https://www.zengrc.com/blog/scope-pci-compliance/
    Determining how to scope PCI compliance can make the difference between an easy audit and a complex audit. Learn the steps to determining your scope here.
  • https://www.zengrc.com/blog/cybersecurity-management-grc-automation/
    Learn how to use GRC Automation for Cybersecurity Management and Threat Detection, as cybersecurity management becomes more pressing.
  • https://www.zengrc.com/blog/compensating-controls/
    Compensating controls are ways to meet security requirements in the short term. But what do you really need to know to stay compliant?
  • https://www.zengrc.com/blog/wednesdays-women-infosec-kristina-birk/
    July's profiled woman in infosec is Kristina Birk. Ms. Birk joined Duo Security in 2013 as the first (but no longer only!) woman in the Engineering group.
  • https://www.zengrc.com/blog/cybersecurity-executive-order-need-know/
    Presidential Executive Order 13636: everything you need to know about how the cybersecurity executive order impacts your governmental or non-governmental business.
  • https://www.zengrc.com/blog/hidden-cost-of-cyberattacks/
    Automation saves you money when it comes to the hidden cost of cyberattacks. Here are the ways each of the seven hidden costs can be lowered.
  • https://www.zengrc.com/blog/todays-credit-card-controls-evolved-lost-wallet/
    Credit card controls have come a long way and the responsibilities held by companies who accept credit card payments have also grown exponentially.
  • https://www.zengrc.com/blog/vetting-vendors-not-weakest-link/
    Vetting vendors is increasingly important as information security needs evolve. Here are some issues you need to review when engaging a new vendor.
  • https://www.zengrc.com/blog/wednesdays-women-in-infosec-eleanor-dallaway/
    This month, Wednesday's Women in Infosec spotlights editor Eleanor Dallaway who has spent the last 11 years covering the infosec space.
  • https://www.zengrc.com/blog/legal-liability-in-information-security/
    Legal liability in information security is a rising concern. Documentation can help limit liability and compliance helps organize that documentation.
  • https://www.zengrc.com/blog/6-sox-compliance-benefits/
    SOX compliance benefits your organization more than you may realize. Here are six ways that you can add value to your company through compliance.
  • https://www.zengrc.com/blog/infosec-standards-and-regulations-primer/
    Infosec standards and regulations being sorted into Hogwarts houses seems silly, but it helps organize the way we think of them.
  • https://www.zengrc.com/blog/infosec-compliance-awareness-ransomware-wannacry-medical-iot/
    WannaCry proves ransomware is here to stay. Infosec compliance awareness can save lives when thinking in terms of medical IoT.
  • https://www.zengrc.com/blog/artificial-intelligence-in-security-is-not-the-terminator/
    Artificial intelligence in security strikes fear in the heart of the average person, but infosec experts agree that it will shape the future of the industry.
  • https://www.zengrc.com/blog/9-steps-to-being-a-successful-ciso/
    Being a successful CISO means more than implementing software. It crosses the technological, business, and social skills landscapes.
  • https://www.zengrc.com/blog/wednesdays-women-in-infosec-georgia-weidman/
    Georgia Weidman is one of the top women in infosec. Her startup Shevirah focuses on pen testing for mobile devices and is changing the face of security.
  • https://www.zengrc.com/blog/audit-mindset/
    Changing the audit mindset means approaching compliance using risk methodologies. Technology is driving this but can also make it easier.
  • https://www.zengrc.com/blog/sarbanes-oxley-act-primer-everything-need-know/
    We've put together an IT primer on the Sarbanes-Oxley Act, also known as SOX. It is a law that implements regulations on publicly traded companies.
  • https://www.zengrc.com/blog/69-information-security-blogs-to-follow/
    Reciprocity has scoured the internet looking for the most informative, interesting, and in some cases, unique information security blogs.
  • https://www.zengrc.com/blog/information-technology-risk-automation/
    Information technology risk analysis requires communication. Using automated tools creates a top-down culture of compliance.
  • https://www.zengrc.com/blog/soc-audits-what-they-are-and-how-to-survive-them/
    For all the complexity and variety of SOC audits, the plain truth is that they will only grow more necessary in the future.
  • https://www.zengrc.com/blog/michelle-schafer-wednesdays-women-in-infosec/
    This month's profile for Wednesday's Women in Infosec is Michelle Schafer from Merritt Group.
  • https://www.zengrc.com/blog/how-digital-transformation-really-drives-grc/
    What really changes during digital transformation? It changes two things at a company: the assets it owns and the processes it uses.
  • https://www.zengrc.com/blog/grc-automation-information-silos/
    New technology seems exciting and shiny, just like new employees. However, both can create information silos. GRC automation tools can break those silos.
  • https://www.zengrc.com/blog/user-access-review/
    Protecting your organization from a security breach requires constant vigilance. Here are 7 steps to ensure that you've secured your user access controls.
  • https://www.zengrc.com/blog/author-jason-mefford-talks-crisk-academy-with-reciprocity/
    Renowned expert and speaker Jason Mefford sits down with Reciprocity to discuss cRisk Academy, GRC, and changing the audit mentality.
  • https://www.zengrc.com/blog/6-infosec-cartoons-and-webcomics/
    When your week is getting you down and you need a quick pick-me-up, cartoons and memes are the way to go. The wonder of the internet…
  • https://www.zengrc.com/blog/wednesdays-women-magen-wu/
    Wednesday's Women is a series that profiles women in information security that are working to keep businesses safe. This month's profile is Magen Wu.
  • https://www.zengrc.com/blog/119-infosec-experts-you-should-follow-on-twitter-right-now/
    We have created a list of 119 Twitter accounts of infosec experts that you should be following in order to stay ahead of the IT curve.
  • https://www.zengrc.com/blog/compliance-project-management-launching-compliance-project/
    Regardless of the objective of your compliance project, you’ll need solid execution built on strong planning to achieve your desired results.
  • https://www.zengrc.com/blog/2017-predictions-experts/
    As January 2017 has come to a close, the year is still new. Here are a handful of perspectives from InfoSec Compliance experts about what they…
  • https://www.zengrc.com/blog/super-bowl-security-how-information-security-impacts-the-big-game/
    Sitting back in your favorite recliner, a plate of nachos, a drink in one hand, and your cell phone in the other, open your smart…
  • https://www.zengrc.com/blog/iot-security/
    Experts expect 2017 to be the year of IoT. This is a primer for background and resources for IoT security.
  • https://www.zengrc.com/blog/compliance-project-management-best-practices/
    Learn why planning is paramount to the success of any compliance project, and how compliance teams can deliver on time and under budget.
  • https://www.zengrc.com/blog/zengrc-software/
    The devil of compliance is in the details meaning that implementing GRC software might be the perfect way to clean out those proverbial compliance…
  • https://www.zengrc.com/blog/sox-compliance-and-private-companies/
    Despite SOX being written for large, publicly held corporations, private companies may want to become SOX compliant in order to stay competitive.
  • https://www.zengrc.com/blog/five-ticketing-systems-grc/
    Ticketing systems streamline the communication about the responsibility for GRC tasks and provide streamlined access to the task information.
  • https://www.zengrc.com/blog/10-probing-questions-grc-vendor/
    Reciprocity's webinar "10 Probing Questions to Ask Your GRC Vendor" gives you resources to help select a vendor and ways to gain management support.
  • https://www.zengrc.com/blog/yoda-cio-zengrc-principled-performance/
    GRC tools for Principled Performance strategies help Yoda CIOs train Padawan employees with integrity & convince Jedi Council Management of the Light side.
  • https://www.zengrc.com/blog/information-security-business-security/
    When it comes to business continuity plans, many organizations focus on natural disasters. However, information security concerns are more important.
  • https://www.zengrc.com/blog/soc-2-soc-2-reporting/
    Although SOC compliance can feel overwhelming, PricewaterhouseCoopers' new SOC 2+ model allows for greater flexibility to meet each business's needs.
  • https://www.zengrc.com/blog/iso-framework-27001-compliance-basics/
    Although ISO 27001 compliance can seem hard to understand, this quick primer will help you determine what you need to do to meet ISO framework requirements.
  • https://www.zengrc.com/blog/defining-goals-grc-software-buyers-guide/
    Learn how to start the process of selecting a GRC software tool using our Buyer's Guide, including tips for defining goals for your organization.
  • https://www.zengrc.com/blog/compliance-self-assessment-grc-software-buyers-guide/
    Learn how to start the process of selecting a GRC software tool, including directions and a worksheet for conducting a compliance self-assessment.
  • https://www.zengrc.com/blog/ny-financial-cyber-regulations-coming/
    Ken Lynch, Founder and CEO of Reciprocity, shares his thoughts on new financial cyber regulations and the impact to those who manage information security.
  • https://www.zengrc.com/blog/implement-grc-tool-buyers-guide/
    Learn about the best time to implement a GRC tool in this excerpt from Chapter 3 of Reciprocity's new GRC Software Buyer's Guide.
  • https://www.zengrc.com/blog/grc-software-buyers-guide-ch2-smarter-compliance/
    Learn the benefits of an all-in-one GRC tool in this excerpt from Chapter 2 of Reciprocity's new GRC Software Buyer's Guide.
  • https://www.zengrc.com/blog/grc-software-buyers-guide-ch1-excerpt/
    Get the basics on GRC in this excerpt from Chapter 1 of Reciprocity's new Governance, Risk Management and Compliance Software Buyer's Guide.
  • https://www.zengrc.com/blog/zengrc-v2-4-release-audit-evidence-request-dashboards/
    An overview of the ZenGRC v2.4 release features, including new audit and evidence request dashboards, weekly summary emails, and Safari compatibility.
  • https://www.zengrc.com/blog/competent-compliance-webinar-recording-now-available-learn-move-beyond-spreadsheets/
    Get a recap of our latest webinar - Competent Compliance: 3 Ways to Move Beyond Spreadsheets - with Aaron Kraus and Tim Schmutzler
  • https://www.zengrc.com/blog/join-us-live-webinar-competent-compliance-3-ways-move-beyond-spreadsheets/
    Some companies can get away with using an Excel spreadsheet to track simple compliance requirements. While Microsoft Excel is flexible and powerful…
  • https://www.zengrc.com/blog/get-quick-guide-zengrc/
    Download the Quick Guide to ZenGRC, to learn more about Reciprocity's user-friendly GRC tool, designed to help you get compliant fast.
  • https://www.zengrc.com/blog/june-news-data-breaches-crypto-wars-acer-hack/
    The latest governance, risk management, and compliance news from June 2016, including more data breaches, Crypto Wars 2.0, and the recent Acer hack.
  • https://www.zengrc.com/blog/5-common-mistakes-compliance-program/
    Starting a compliance program can be a daunting process. We share common compliance program mistakes to watch out for when embarking on GRC.
  • https://www.zengrc.com/blog/zengrc-v2-2-release-system-record-dashboard-tree-view/
    An overview of the ZenGRC v2.2 product release, including a new system-of-record dashboard, an upgrade for PCI DSS v3.2, and updated tree view displays.
  • https://www.zengrc.com/blog/understanding-new-pci-dss-v3-2/
    Reciprocity GRC expert Aaron Kraus provides some details about the new PCI DSS v3.2 update and tips for the transition.
  • https://www.zengrc.com/blog/pci-dss-3-2-1-changes-and-whats-to-come-from-version-4-0/
    Being compliant with Payment Card Industry Data Security Standard version 3.2.1 (PCI DSS v3.2.1), released in 2018, soon won't be good enough for…
  • https://www.zengrc.com/blog/4-steps-hipaa-compliance/
    Reciprocity GRC expert Aaron Kraus shares the first steps to consider if your business needs to add HIPAA to its compliance program.
  • https://www.zengrc.com/blog/zengrc-v2-1-release-features-audit-improvements-simplified-customer-support/
    An overview of the ZenGRC software v2.1 release features, including audit improvements via assessment object recurrence and simplified customer support.
  • https://www.zengrc.com/blog/new-reciprocity-logo/
    In this blog we share our thinking around the new Reciprocity logo and explain its connection to and representation of the evolved brand.
  • https://www.zengrc.com/blog/beginners-glossary-compliance/
    GRC is a complex and challenging business even for the most seasoned of experts. In this blog, we share some common compliance terms and definitions.
  • https://www.zengrc.com/blog/compliance-tool-roadmap-long-will-excel-suffice-infographic/
    Learn how long Excel will suffice as a compliance management tool and when you will need a more sophisticated GRC solution with our simple infographic.
  • https://www.zengrc.com/blog/zengrc-new-release-v2-0-consolidated-compliance-controls-simplified-evidence-collection/
    An overview of the ZenGRC v2.0 release, including deeper insight into your compliance level, simplified evidence collection, and workflows.
  • https://www.zengrc.com/blog/5-steps-deal-third-party-security-risks/
    Even with solid security practices, no company is immune to insecure protocols. Learn 5 steps to deal with third-party security challenges.
  • https://www.zengrc.com/blog/compliance-best-practices-will-excel-crush/
    When companies first determine they need a formal compliance program, many don't know compliance best practices.
  • https://www.zengrc.com/blog/zengrc-v1-99-release-features-consolidated-view-of-internal-controls-and-downloadable-reporting-dashboards-now-available/
    An overview of the ZenGRC v1.99 release, including a consolidated control set, downloadable reporting dashboards, and audit request notifications.
  • https://www.zengrc.com/blog/staying-compliant-in-the-cloud-without-a-cybersecurity-attorney/
    Learn when a Cybersecurity Attorney is critical, and conversely, when and how you can stay compliant without one.
  • https://www.zengrc.com/blog/v1-98-release-features/
    An overview of the ZenGRC v1.98 release features, including simplified document requests and compliance progress dashboards.
  • https://www.zengrc.com/blog/are-compliance-and-agility-mutually-exclusive-absolutely-not/
    Compliance is often feared to stunt growth, but it doesn't have to. Learn ways to balance your compliance strategy with high growth and agility.
  • https://www.zengrc.com/blog/5-steps-to-securing-your-company-online-from-the-get-go/
    This blog discusses the importance of IT infrastructure security and provides 5 tips for approaching security issues quickly.
  • https://www.zengrc.com/blog/compliance-could-be-your-selling-point/
    Brad Thies, Reciprocity's Head of Compliance, provides tips to cloud service providers on how to leverage compliance with customers.
  • https://www.zengrc.com/blog/5-ways-to-create-a-culture-of-security/
    Brad Thies, Reciprocity's Head of Compliance, gives 5 steps for how business leaders can foster a culture of security and compliance.
  • https://www.zengrc.com/blog/keeping-your-feet-on-the-ground-with-data-in-the-cloud/
    Brad Thies, Reciprocity's Head of Compliance, shares the risks to consider when contemplating your organization's decision to move your data to the cloud.
  • https://www.zengrc.com/blog/plum-release-2/
    An overview of the ZenGRC software Plum Release features, including import improvements, downloadable forms, configurable displays, and more.
  • https://www.zengrc.com/blog/compliance-as-a-service-a-buzzword-or-a-new-trend-in-business-2/
    Get the pros and cons of the compliance management trend of compliance as a service, and learn the key areas to consider before selecting a provider.
  • https://www.zengrc.com/blog/top-3-challenges-when-updating-your-compliance-framework/
    Well, it’s happened again. The framework you worked so hard to implement across your company needs updating. This typically occurs every 4-6 years to provide…
  • https://www.zengrc.com/blog/september-news-round-up-china-hacks-the-carbanak-trojan-bugzilla-breach-and-more/
    A recap of the latest governance, risk management, and compliance news from September 2015, including the China hacks, the Carbanak Trojan, and more.
  • https://www.zengrc.com/blog/a-perfect-nightmare-compliance-and-record-keeping-disaster-waiting-to-happen/
    This blog shares common pitfalls that organizations can face using compliance tools, and how to avoid them.
  • https://www.zengrc.com/blog/humans-a-data-security-strategys-worst-enemy/
    Reciprocity's Head of Compliance gives some risk management strategies on how to protect data security around your most vulnerable asset: your people.
  • https://www.zengrc.com/blog/improve-security-and-compliance-with-saml/
    This blog explains what SAML is and why it has become vital to the compliance objectives of businesses operating in the cloud.
  • https://www.zengrc.com/blog/changes-are-coming-for-the-trust-services-principles-and-criteria-are-you-ready/
    This blog highlights the changes to the Trust Services Principles and Criteria taking effect in spring 2016, and how they impact managing compliance.
  • https://www.zengrc.com/blog/the-changing-risk-management-landscape/
    Reciprocity's Head of Compliance, Brad Thies, discusses the changing risk management landscape and gives strategies to consider for staying compliant.
  • https://www.zengrc.com/blog/zengrc-has-new-audit-functionality-and-redesigned-emails/
    An overview of the ZenGRC version 1.95.1.2 release features from June 2015, including new audit functionality and redesigned emails.
  • https://www.zengrc.com/blog/5-questions-to-ask-as-you-prepare-for-a-compliance-audit/
    5 Things to Know as You Prepare for a Compliance Audit. This post was originally published on SmartDataCollective. For most cloud service providers, a…
  • https://www.zengrc.com/blog/5-steps-to-build-processes-that-safeguard-your-most-sensitive-data/
    This blog from Reciprocity's Head of Compliance, Brad Thies, gives 5 steps to build processes around improving data security.
  • https://www.zengrc.com/blog/the-rise-of-the-cloud-and-its-implications-for-risk-and-compliance/
    Ken Lynch, Founder and CEO of Reciprocity, shares his thoughts on the rise of the cloud and how it has impacted governance, risk and compliance.
  • https://www.zengrc.com/blog/selecting-the-right-service-organization-control-report-for-outsourced-operations/
    SOC reports provide a standardized way for auditing internal controls, but how do you know which report is right for your business? We have some tips.
  • https://www.zengrc.com/blog/zengrc-has-a-new-dashboard-custom-attributes-and-more/
    An overview of the ZenGRC software release features from April 2015, including a new quick start dashboard, custom attributes, and more.
  • https://www.zengrc.com/blog/agile-compliance/
    Ken Lynch, Founder and CEO of Reciprocity, shares 5 tips for implementing agile compliance programs.
  • https://www.zengrc.com/blog/welcome-to-the-zen-of-grc/
    In this inaugural post of our Reciprocity Blog, Founder and CEO Ken Lynch shares his philosophy on the Zen of GRC and our mission for the blog.
  • https://www.zengrc.com/blog/zengrc-pro/
    Hello, fellow GRC enthusiasts! As we wrap up another quarter, I’m thrilled to share the latest updates and enhancements we’ve made at ZenGRC. These new…