Compliance ≠ Security

As we enter the new year, many of us will start the annual third-party attestation cycle. It’s important to remember that holding a third-party attestation provides only baseline assurance that management, operational, and technical controls have been implemented effectively. Compliance demonstrated by a clean SOC 2 report, ISO 27001 certification, HITRUST certification, etc. does not equate to…

3 Lines of Defense for Cyber Security professionals

In the wake of the financial crisis, the Institute of Internal Auditors (IIA) introduced a model for better risk management and called it the ‘3 Lines of Defense’ model. This model allows regulators to better assess the risks in the financial industry. Though the model was written mainly for financial services, it is widely accepted in the…