Blog
Page 50 of 152
CCPA Compliance Checklist
If your organization has a presence in California or does business with California residents, then it most likely needs to comply with the California Consumer Privacy Act (CCPA). Enacted in 2020, the CCPA is a landmark privacy law in the United States with a long reach and tough regulatory obligations. Here’s what your IT, security, […]
Tags: CCPA, Compliance
January 12, 2023
What is Risk Mitigation?
Risk mitigation is the process a business undertakes to reduce its exposure to the various risks it might face. Obviously businesses face many risks, some of which can cause severe disruption or financial loss. Mitigation is a prudent step every company should take to avoid such unwanted events. More broadly, one could say that risk […]
Tags: Risk Management
What is Third-Party Risk Management?
Third-party risk management (TPRM), also known as “vendor risk management,” manages risks introduced to your business by your organization’s vendors, suppliers, contractors, and service providers. Any outside party that plays a significant role in your company’s ecosystem or supply chain is considered a third-party vendor. For example, say you work closely with a shipping agent […]
Tags: Third-Party Management
January 5, 2023
Why You Should Assess Cyber Risk According to Industry
Any organization that uses information technology should conduct cybersecurity risk assessments. That said, every organization faces its own unique set of security risks, and needs to take its own unique approach to solve them. A cybersecurity assessment examines your organization’s security controls stacked against known vulnerabilities. The overall goal is to evaluate and understand your […]
How to Map HIPAA to ISO 27001
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law meant to protect sensitive electronic protected health information (ePHI). Every healthcare organization (“covered entity”) must comply with HIPAA’s two fundamental rules. The Privacy Rule sets conditions for the use and disclosure of patients’ ePHI. The Security Rule mandates that covered entities implement […]
Security Posture: Definition and Assessments
For most companies, determining acceptable levels of risk is a subjective exercise. The decision typically rests on the ethos of senior leadership: Are they growth-oriented risk-takers, or more conservative and measured in their actions? Other factors influencing risk include your company’s reputation in an industry. For example, if you’re known for being astute in the […]
Tags: Cybersecurity, Risk Management
Steps to a Successful ISO 27001 Risk Assessment Procedure
ISO 27001 is an internationally recognized standard to establish an information security management system (ISMS). Implementing ISO 27001 provides organizations a better way to manage and secure their information assets. That includes intellectual property, financials, employee details, customer data, and information entrusted by third parties. Achieving ISO 27001 compliance lets companies demonstrate that they are […]
December 29, 2022