Blog
Page 14 of 152
Enhancing Vendor Relations: Strategies for Direct Communication
Most businesses depend on their supply chains for success — but as the Covid-19 pandemic painfully demonstrated, few companies have a full grasp of their supply chain risk and know how to manage that risk well. One crucial issue is how you communicate with your vendors; vendor communication is a vital part of the procurement […]
March 21, 2024
What Are the PCI DSS Password Requirements?
PCI DSS is the cybersecurity standard that retailers must follow to assure the security of their customers’ credit card data. PCI DSS has many components, but among the most critical is a requirement for strong passwords. In this article, we’ll explore the fundamentals of PCI DSS and its password requirements, so that your organization can […]
March 20, 2024
Cross-Mapping and GRC Compliance
As businesses grow, they encounter more regulatory requirements — and soon enough, those requirements can feel like a straitjacket of overlapping obligations. The way to wriggle free from that straitjacket is to develop strong governance, risk, and compliance (GRC) capabilities. One important GRC capability is control mapping: mapping various regulatory requirements to specific controls your […]
Why PCI 4.0 Matters: A Deep Dive into Its Importance
The Payment Card Industry Data Security Standard (PCI DSS) is a crucial security standard for protecting personal data during credit card transactions — and managing PCI compliance is essential for businesses that handle such data. The latest PCI DSS standard, Version 4.0, goes into effect March 2024. Organizations will need to adapt to new requirements […]
How to Automate Triggers Based on Expiration Dates
Organizations must stay on top of compliance deadlines and expiration dates. Failure to meet these deadlines can lead to costly penalties, reputational damage, and legal consequences. Fortunately, automated tools can help streamline compliance processes and assure that important deadlines are never missed. In this blog post, we’ll explore how to automate triggers based on expiration […]
March 19, 2024
Mastering User Entity Controls: A Guide to Complementary Strategies
Complementary user entity controls (CUECs) are essential to any SOC 2 compliance project report. These controls help to confirm the service provider’s system is secure by outlining responsibilities that the client (that is, the user) must undertake as well. Developing strategies to identify, map, and monitor CUECs is crucial for organizations that rely on Software-as-a-Service […]
What is a Data Subprocessor? The Data Processing Chain Explained
Modern digital supply chains are complicated. As ever more businesses outsource ever more business functions to focus on their core responsibilities, those chains stretch around the world and involve ever more links. This has significant economic, security, and privacy ramifications. Tracking the movement of personal data across digital supply chains is difficult — but it is […]
March 18, 2024
Connecting Document Management to Compliance
Good documentation is essential for any compliance program, but all that documentation is pointless if you cannot find anything when needed. That’s where document management comes in: keeping crucial files organized and accessible. What Is Document Management? Document management is the process of storing, organizing, retrieving, and distributing any significant documents across your organization. You […]
The Role of Artificial Intelligence in Cybersecurity – and the Unseen Risks of Using It
From using AI in cybersecurity to automate manual tasks to enhancing third-party risk management processes, Artificial Intelligence (AI) is reshaping the cybersecurity landscape. But as we embrace this powerful technology, are we fully aware of the unseen risks it brings? By training neural networks on vast datasets, AI models can learn to identify patterns and […]
March 17, 2024
What Is ESG in Risk Management?
Risk management programs have traditionally addressed financial, compliance, and operational risks. However, a new class of risks is emerging: “ESG” risks, which encompass critical environmental, social, and governance issues. Incorporating ESG as an integral part of Enterprise Risk Management (ERM) strategy is becoming increasingly crucial for businesses. By understanding and managing ESG risks systematically, organizations […]
March 16, 2024