  • Investigation of missing IRS email holds lessons for your business

    Posted July 24, 2014 - 2:47 pm

    The IRS says it lost or destroyed emails pertinent to an ongoing investigation--but if procedure was followed, that shouldn't be possible.
  • 7 biggest IT compliance headaches and how CIOs can cure them

    Posted September 18, 2013 - 3:24 pm

    IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.
  • Getting started with ISO 27001

    Posted July 8, 2012 - 6:44 pm

    The first step is justifying the first step. Why are you willing to go through an arduous certification process? How will it help your company? The next is getting a whole lot closer to exactly what that means.
  • Cloud computing: You can't outsource your compliance obligations

    Posted May 21, 2012 - 12:27 pm

    Even if your cloud provider is at fault should your company fall out of compliance, the law will come after you.
  • Security Manager's Journal: SOX is out of control

    Posted May 9, 2012 - 9:22 pm

    Complying with the act is consuming more and more time and detracting from real security work.
  • What is access governance?

    Posted April 15, 2012 - 6:04 pm

    Access governance is more than just the coolest concept since virtualization and cloud computing. It's likely to change the way you manage accounts on your servers. Designed to add clarity and control to questions like "Who has access to the recipe for our secret sauce?", it may be the answer to some of your biggest problems.
  • Cloud computing: 4 tips for regulatory compliance

    Posted August 10, 2011 - 3:15 pm

    Cloud computing seems simple in concept, and indeed, simplicity of operation, deployment and licensing are its most appealing assets. But when it comes to questions of compliance, once you scratch the surface you'll find more questions than you asked in the first place, and more to think about than ever before.
  • 'Camouflaging' earnings management

    Posted June 28, 2011 - 6:08 pm

    The stringent accounting and board standards introduced with the 2002 Sarbanes-Oxley Act are widely thought to have resulted in higher quality earnings. But by increasing the cost of earnings management, Sarbox has also become part of some companies' efforts to hide improper earnings management.
  • Decoding compliance certification icons

    Posted June 22, 2011 - 12:08 pm

    What software developers need to know about product safety and other hardware compliance certifications.
  • Competition crowns nation's funniest compliance officer

    Posted June 15, 2011 - 11:53 am

    Recruiter Howard-Sloan crowned a pharma exec nation's funniest compliance officer after a competition pitting the standup of six of the most hilarious stewards of corporate governance.
  • Sony managers could have stopped security disasters by talking to each other

    Posted May 26, 2011 - 1:54 pm

    Governance, risk assessment and compliance are boring; they're also the processes that let companies deal with the fall of one domino before it brings the whole chain down.
  • SAP takes on IBM, Oracle with new GRC suite

    Posted March 23, 2011 - 9:16 am

    SAP is hoping to cement its foothold in the growing market for GRC (governance, risk and compliance) software with a new suite, announced Wednesday, that is nearly three years in the making.
  • Group texting may be IT's next headache

    Posted March 15, 2011 - 5:55 pm

    Group texting is free, easy and familiar; users will looove it, often avoiding systems built to comply with rules that specifically require text-tracking.
  • Dos and don'ts for IT GRC success

    Posted March 7, 2011 - 9:47 pm

    DO agree on an IT-GRC implementation strategy. Moving disjointed, manual processes into an automated, centralized tool is an enormous undertaking. While a giant boa constrictor can unhinge its jaw and swallow a large mammal whole, that strategy is not advisable for your enterprise.
  • IT GRC tools: Control your environment

    Posted March 7, 2011 - 9:45 pm

    As enterprises approach a high level of maturity in their IT governance, risk and compliance (GRC) programs, they face a conundrum: How can they effectively implement and manage policies and their supporting controls to maintain a strong risk posture? To add to the difficulty, the environments they manage are often widely distributed and subject to multiple regulatory requirements and internal audit requirements, and must adapt to changing business needs. GRC tools are designed to help.
  • eGRC vs. IT GRC

    Posted March 7, 2011 - 9:43 pm

    Most analysts break the market down into two broad categories: IT GRC and Enterprise GRC (eGRC). The vendors generally don't make it any easier for potential enterprise customers, as the IT GRC players often claim they do eGRC, and all the eGRC vendors say they encompass IT as well.
  • $1 million object lesson in compliance and data protection

    Posted February 25, 2011 - 11:28 am

    Even companies with good programs and good records on compliance can get hit with high fines and costs for errors IT can't prevent.
  • Merck moves to improve system security and compliance

    Posted January 31, 2011 - 12:39 pm

    Pharmaceutical and chemical giant Merck is improving compliance and simplifying security with new systems from CA Technologies.
  • Cost of regulatory security compliance? On average, $3.5M

    Posted January 31, 2011 - 10:56 am

    The cost of achieving regulatory security compliance is on average $3.5 million each year, according to a survey of 160 individuals leading the IT, privacy and audit efforts at 46 multinational organizations.
  • How Botox battles compliance wrinkles

    Posted January 28, 2011 - 11:33 am

    A BPM overhaul saved the day after legal issues complicated compliance at Botox-maker Allergan.
  • Cisco acquires Pari: What goes around, comes around

    Posted January 26, 2011 - 1:48 pm

    Cisco this week announced its intent to acquire privately-held Pari Networks, a provider of network configuration, change and compliance management appliances that was founded by former Cisco engineers.
  • Expert: WikiLeaks complicates compliance

    Posted January 26, 2011 - 12:25 pm

    SenSage CEO Joe Gottlieb explains how WikiLeaks was just the beginning of a larger challenge to come, in terms of compliance efforts and a future full of WikiLeaks-inspired content leakers.
  • SOX giveth as well as taketh away

    Posted January 20, 2011 - 6:32 pm

    It's SOX season again. As a publicly traded company, we have to comply with the Sarbanes-Oxley Act.
  • The key to keeping e-discovery cheap

    Posted January 11, 2011 - 7:10 pm

    When they go to court, most companies dump every bit of data they can collect on lawyers, who get paid a lot more than a DBA to filter through it.
  • The 5-step compliance shuffle

    Posted January 7, 2011 - 7:10 am

    If faced with an auditor, or even worse, a court room, you will have to show due diligence and due care. Here are the 5 things you need to know and do (repeatedly) to maintain compliance.