Blog
Page 29 of 152
Navigating the Waters of Change: A Risk Expert’s Roadmap for NYDFS Cybersecurity Regulation Compliance
In the fast-paced world of cybersecurity, change is not only constant but crucial. The New York Department of Financial Services (NY-DFS) demonstrated that principle on Nov. 1, 2023, when it completed a sweeping set of updates to its cybersecurity regulation. If you find yourself apprehensive about these changes, fret not — I’m here to guide […]
November 28, 2023
Cut Through Compliance Complexity with Consolidated Objectives
2023 has been a rough year, with large tech companies worldwide hit by huge fines for violating the EU General Data Protection Regulation (GDPR) and other compliance violations as well. Businesses can bring their best talent and technology to maintain regulatory compliance, but the plain truth is that as a business grows, so does the […]
Tags: Compliance, GDPR, Government
November 27, 2023
What is an SSAE 18 Audit?
The SSAE 18, or Statement on Standards for Attestation Engagements No. 18, auditing standards require that service organizations confirm and re-confirm third-party vendor certifications and controls on an ongoing basis. Overseen by the American Institute of Certified Public Accountants (AICPA), SSAE 18 governs how companies report on their internal controls. According to the AICPA, attest […]
Tags: Audit Management, SSAE 18
November 22, 2023
What Are the Differences Between FISMA and FedRAMP?
The U.S. federal government is one of the largest organizations in the world, and a vast number of private businesses provide goods and services to the government as federal government contractors. This means that those contractors must pay close attention to two cybersecurity standards: the Federal Risk and Authorization Management Program (FedRAMP) and the Federal […]
How to Prepare for PCI DSS 4.0 to replace PCI DSS 3.2.1
By Mike Killinger, GRC Solutions Consultant As the world of digital payments evolves rapidly, staying ahead in terms of security standards is paramount for any business handling cardholder data. The introduction of PCI DSS 4.0 brings significant updates and enhancements aimed at strengthening payment security and overall cybersecurity in an increasingly complex cyber landscape. In […]
What is FedRAMP?
The Federal Risk and Authorization Management Program, commonly known as FedRAMP, represents the U.S. federal government's strategic initiative to transition to cloud computing while ensuring the security and integrity of cloud services. FedRAMP offers a unified framework for assessing, authorizing, and continuously monitoring the security of cloud services and products provided by Cloud Service Providers […]
Tags: Audit Management, FedRAMP
What does it mean to be ISO Certified?
The International Organization for Standards (ISO) creates and publishes industry standards intending to respond to customer satisfaction concerns regarding a lack of consistency and quality in manufacturing. Since their conception, the ISO standards have evolved to incorporate a variety of industries, including information technology. Governments and other organizations often use the standards established by the […]
Tags: ISO
What is an ISO Stage 1 Audit?
An International Standards Organization (ISO) Stage 1 audit determines whether a company is ready for its ISO Stage 2 Certification Audit. It is the first stage in the certification audit process. The certification audit determines if an organization’s management system complies with the standard’s requirements, e.g., ISO 9001, ISO 14001, ISO 45001, and can be […]
SOC 2 vs. PCI Compliance: What’s the Difference?
Any company that processes or stores personal consumer data has likely encountered the System and Organization Controls Report (SOC 2), formerly known as Service Organization Controls, and the Payment Card Industry Data Security Standard (PCI DSS). These two sets of requirements can appear similar at first glance, […]
What is ISO 19011?
ISO 19011 is a set of guidelines for auditing management systems. It is an international standard to help organizations perform these audits. ISO 19011 is designed to advise organizations on preparing audit programs for auditing their management systems, such as environmental, risk, and quality management systems. However, ISO 19011 is not a set of requirements […]