Like cars, whose investment and value we protect and preserve with regular annual maintenance at the least, your GRC and risk management processes and tools require careful regular service to preserve and extend their value and utility. Business environments are fluid. Change is a reliable variable from one year to another. Your business may have[…]
There’s a lingering belief that these are IT management concerns. That lingering belief is founded upon a “perceived reality” of a business operating in an environment where IT was little more than a contributing discipline to complete tasks and deliver efficiency. It made some narrow sense in a world free of cyber anything, pre-internet, where[…]
Almost every blog entry listed here makes some reference to a Governance, Risk, and Compliance (GRC) software tool and how it can help you manage cyber risk. But what if you don’t have one of these? What about spreadsheets? Or home grown database tools you made yourself and are certain are “good enough”? And suppose[…]
Third Party Risk Management (TPRM) is more than just management of a group or category of business relationships. It is a program unto itself with its own unique characteristics and methods. Too often, TPRM is viewed and undertaken as a procurement process subset. That can lead to a collection of discrete transactions managed on a[…]
Thirty-five years ago, my first article was published in a professional journal. It was the outgrowth of a talk I gave at a business conference on the use of computer generated graphical information reporting. In 1987 those technologies were in their infancy. Computerized business graphics, pie, line, and bar charts, generated using desktop systems and[…]
December brings more to our days than images of bright lights, holiday cheer, family gatherings, and for some, maybe a sprinkling of snow. In our work-realm of business and cyber risk management, it’s a time for reflection, refinement, and preparation for the year to come. Unless your business is retail or related, and you’re panting[…]
Summertime, and the living is, once again, easy—sort of. Just a few summers ago these were the days of occasional remote work, long weekends, holidays, vacations, and for some companies, shortened “summer hours”. As our work routines have made the separation of office, work, and personal time a fluid continuum, our risk perimeter and footprint[…]
Third Party Risk Management (TPRM) is often viewed as a linear process. This is a misunderstanding of the actions that in total represent the processes involved. First, it’s a continuous system, renewing itself in different cycles and frequencies, depending upon the risk level of the third party’s service, and the practices of procurement; second, its[…]
Smart technologies’ home presence grows with each passing day. The work-from-home (WFH) migrations for many workers seeking convenience while coping with “covid-19 encouraged isolation” have spurred this transformation to new levels of ready adoption. Smart thermostats, lights, home security cameras, front doorbells, automobile integration, automated window shades and curtains, TV’s and more, all managed through[…]
Managing third party risk is a primary component of any comprehensive risk management program. Without it, you ignore important external processes, resources, commitments and opportunities that may have specific, critical impacts upon your operating performance, regulatory and legal compliance, and brand reputation. In past discussions, we’ve explored what functions need to be performed to effectively[…]