Business
Insights that drive results



Posts in category "Risk & Compliance"


Internet of Things (IoT) and Third-Party Risk

In our digital age, everything is connected. Cars can drive themselves, planes can fly themselves, and your refrigerator can use the internet to tell you if you are out of milk and eggs when you are at the grocery store. The era of connectivity and immediacy of data has created a new worldwide web out…



SOC It To Me in 2017 – Preparing for the SSAE 18, Part II

My last blog, SOC it To Me in 2017 – Preparing for the SSAE 18, highlighted the changes and differences to the planning, scoping, and execution of an SSAE 18 engagement from the service organization’s point of view. For part II, I plan on sharing tips on the downstream implications to third-party risk and the…



SOC it To Me in 2017 – Preparing for the SSAE 18

Last year, I published a blog called SOC it 2 Me in 2016 regarding understanding the types of external assurance audits, including a comparison of SOC 1 and SOC 2 engagements. After the transition from the “SAS 70” era and a few cycles of SOC 1, SOC 2, and SOC 3 engagements, the Auditing Standards…



Is the New York Cybersecurity law a turning point?

The Ides of March is a historical reference to a turning point in world history with the shift in power in Roman history, following the assassination of Julius Caesar. That turning point triggered a civil war and the creation of the Roman Empire. Given the historical references of the Ides of March in world literature,…



Progressive Risk Management: The Three Lines of Defense Model

The Three Lines of Defense sounds more like a football strategy than a risk/compliance approach. However, this year, we are having an ongoing post-game debate about the value of a good defense or a good offense when it comes to landing on top in the final game. Leveraging various skills in football – blocking, tackling, punting,…



Privacy: Politics or Perception?

Each year on January 28th, organizations around the world come together to celebrate Data Privacy Day and showcase a commitment to the privacy of personal information. Email privacy, whistleblowing, and surveillance were all headline topics the past year. Given today’s technology and shifts in regulatory expectations, programs need to adapt to address compliance from multiple…



The Future of Email Privacy

While 2016 is behind us, many organizations are putting together year-in-review lists and hot topics for 2017. Uncertainty abounds on regulatory priorities, especially in financial services. However, one topic has emerged from last year as a continued hot topic for a privacy professional like myself. That topic is the future of email privacy….
