Archives.

The Dark Ages of Data Privacy


So, January 28th is Data Privacy Day and our marketing department thought it would be a great idea to write a blog on, you guessed it, data privacy. Not really a new thing for us; we’ve written a ton of blogs on the topic and we’ve even been quoted in a book….


COSO 2013: Monitoring Activities


Welcome to our final blog of our COSO 2013 series.  Over the course of the series, we have discussed how to develop a control environment, execute risk assessments, design control activities, and how to use information to make decisions regarding your control environment and communicate your control objectives. In this blog, we will cover how…


COSO 2013: Information and Communication


Welcome to the fifth post of our COSO 2013 blog series.  To date, we have discussed how to develop a control environment, execute risk assessments, and design control activities. In this blog, we will cover how to leverage information to make insightful decisions concerning your control environment, and how to communicate your control objectives to…


COSO 2013: Control Activities


Welcome to part four of our COSO 2013 blog series.  We have covered COSO’s guidance around the development of a control environment and execution of risk assessments.  In this blog, we will focus on how to use the output of your risk assessments to properly select, design, and implement control activities. How are Risk and…


COSO 2013: Risk Assessment


Welcome to part three of our COSO 2013 blog series. In our previous blog, we discussed the COSO framework’s key principles for the development of a robust control environment and ways that ServiceNow can assist with the implementation of those principles in your organization. Having set up your control environment, we can now focus on the…


COSO 2013: Control Environment


Last week we introduced readers to the changes taking place as a result of the COSO 2013 framework superseding its predecessor, COSO 1992, on December 15th. In this post, we’ll tackle the first of the five components of internal control. When you look at the COSO cube, one of the first sections to jump out…


COSO 2013: Is Your Business Prepared?


ATTENTION: Risk Managers and Audit Directors! Do you know what is so important about December 15th? No, it’s not just the final countdown to holiday vacation. Rather, today the new COSO 2013 Framework officially supersedes the 1992 Framework. The COSO Framework is the most widely recognized and adopted enterprise risk management framework, and is the…


One Tool You Must Have to Manage Regulatory Change


Michael Rasmussen, Chief GRC Pundit at GRC 20/20 Research, is in the process of publishing a blog series on the daunting challenges that organizations must face when addressing governance, risk, and compliance (GRC). His first post focuses on regulatory change management and what he calls the “tsunami” of regulatory change that overwhelms many organizations. One…


Re-Thinking Security & Privacy Training


“The Most Alarming Fact of the HIPAA Audits,” written by Daniel Solove, brings to light many worrying statistics regarding the first round of the HITECH-mandated audits back in 2011-2012. If you remember, The Health Information Technology for Economic and Clinical Health Act or HITECH, is a companion act to the Health Insurance Portability and Accountability…


When it Comes to Compliance, Skip the CliffsNotes


Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS 3.0) was published in November 2013, and became effective on January 1, 2014. Companies compliant with PCI DSS 2.0 have until January 1, 2015 to comply with the new version of the standard. Given that looming deadline, we thought it was best to…

