Blog
Page 28 of 153
Why Are Remote Access Policies Important?
When the COVID-19 pandemic forced the closure of offices worldwide, many companies that hadn’t previously considered remote access to their corporate networks and servers had to do so quickly. Moreover, with the popularization of hybrid cloud systems and Bring-Your-Own-Device (BYOD) policies, the risk vectors related to remote access have increased significantly. More people can connect […]
December 4, 2023
Outsourcing Responsibility to Vendors Could Be Your Biggest Mistake
For small businesses especially, outsourcing has become the norm – and for a good reason. Specialized vendors can increase the efficiency of your company so you have the freedom to focus on your core business. Companies often confuse the outsourcing of business processes with the outsourcing of responsibility. In reality, you are still responsible for […]
What is a Vendor Framework?
For most businesses, third-party vendors are essential to the business ecosystem. A study by Gartner found that in 2019, 60 percent of organizations worked with more than 1,000 third parties. As those networks continue to grow, so will the cybersecurity threats that third-party vendor relationships pose to your business. These partnerships have unprecedented access to […]
Who Can Perform a SOC 2 Audit?
The SOC 2 standard for assessing cybersecurity was established by the American Institute of Certified Public Accountants (AICPA). This means only independent Certified Public Accountants (CPAs) and licensed CPA firms are qualified to conduct SOC 2 compliance audits and attestation for service organizations. The auditor or service auditor must be fully independent, with no ties […]
Tags: Audit Management
What is an ISO Stage 2 Audit?
An International Standards Organization (ISO) Stage 2 audit evaluates the implementation and effectiveness of a company’s management system. It is often referred to as the “certification audit,” the final step to achieve compliance with several notable ISO standards. The process for achieving ISO certification follows a consistent approach for all management systems standards, including ISO […]
What Is ISO 14001?
ISO 14001 is the international standard that specifies requirements for an effective environmental management system to achieve ISO compliance. An environmental management system consists of policies, processes, plans, practices, and records that govern how an organization interacts with the environment. That system should be tailored to each organization because the legal requirements and environmental interactions […]
November 28, 2023
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule, formally known as the Standards for Privacy of Individually Identifiable Health Information, is a cornerstone of healthcare compliance. Enacted under the Health Insurance Portability and Accountability Act (HIPAA), this rule is the bedrock for safeguarding sensitive health records and protecting Individually Identifiable Health Information (IIHI). Its scope is comprehensive, encompassing all […]
Tags: HIPAA
What is GDPR?
The GDPR (General Data Protection Regulation) is a data protection law that mandates all companies doing business within the European Union (EU) member states to comply with strict new rules protecting the personal data and privacy of people living in the EU (data subjects). Effective May 25, 2018, the General Data Protection Regulation replaces the […]
Tags: GDPR
What is PCI DSS certification?
There is no PCI DSS certificate, per se, because credit card and cardholder data security—the focus of the Payment Card Industry Data Security Standard—is an ongoing process, not a one-and-done deal. More prominent merchants, however, will need to attain a yearly Report on Compliance from a Qualified Security Assessor (QSA) or Internal Security Assessor. Under […]
Why is FedRAMP Important for State and Local Agencies?
The Federal Risk and Authorization Management Program (FedRAMP) was launched by a group of federal agencies that realized the efficiency of having a single risk-based standard for Cloud Service Providers (CSPs) rather than each federal agency developing its security assessment program from scratch when forging a business relationship with an industry partner. As all organizations […]