Business<br />
Insights that<br />
drive results

Blog

Business
Insights that
drive results

Posts in category "Risk & Compliance"

07/25/2017

Perspectives on Privacy … From 20 Years Ago to Today

Twenty years ago, this week Deluxe created the foundation of its privacy program by establishing core privacy principles that would embody the spirit of our commitment to privacy. The evolution of privacy since 1997 made me wonder how to compare our perceptions and perspectives on privacy in today’s market landscape:  THEN and NOW. What’s changed…

Read More >

07/06/2017

Digital Innovation, Disrupters & Cyber Technology Perspectives on Third Party Risk

Last month over three hundred risk professionals gathered in Washington D.C. to focus on the digital landscape and emerging risk factors for Third Party Risk Management at the 10th annual Shared Assessments Summit.  Thought leaders from many verticals, including financial services, healthcare, asset management, and consumer products provided market insights on a variety of topics…

Read More >

06/13/2017

Internet of Things (IoT) and Third-Party Risk

In our digital age, everything is connected. Cars can drive themselves, Planes can fly themselves, and your Refrigerator can use the internet to tell you if you are out of milk and eggs when you are at the grocery store. The era of connectivity and immediacy of data has created a new worldwide web out…

Read More >

05/18/2017

SOC It To Me in 2017 – Preparing for the SSAE 18, Part II

My last blog, SOC it To Me in 2017 – Preparing for the SSAE 18 highlighted the changes and differences to the planning, scoping, and execution of an SSAE 18 engagement from the service organization’s point of view. For part II, I plan on sharing tips on the downstream implications to third party risk and the…

Read More >

05/02/2017

SOC it To Me in 2017 – Preparing for the SSAE 18

Last year, I published a blog called SOC it 2 Me in 2016 regarding understanding the types of external assurance audits, including a comparison of SOC 1 and SOC 2 engagements. Post the transition from the “SAS 70” era and a few cycles of SOC 1, SOC 2, and SOC 3 engagements; the Auditing Standards…

Read More >

03/15/2017

Is the New York Cybersecurity law a turning point?

The Ides of March is a historical reference to a turning point in world history with the shift in power in Roman history, following the assassination of Julius Caesar. That turning point triggered a civil war and the creation of the Roman Empire. Given the historical references of the Ides of March in world literature,…

Read More >

02/14/2017

Progressive Risk Management: The Three Lines of Defense Model

The Three Lines of Defense sounds like a football strategy, vs. a risk/compliance approach. However, this year, we are having an ongoing post-game debate of the value of a good defense or a good offense when it comes to landing on top in the final game. Leveraging various skills in football – blocking, tackling, punting,…

Read More >