What is DPDPA?

Why is Data Privacy and Protection required? “Can you send me some money urgently?” One of my former colleagues saw this message pop up on her WhatsApp feed. It happened not once. Twice! Someone took my LinkedIn picture and reached out to my ex-colleague on WhatsApp asking her to swiftly handle a transaction for me. Phone […]

ISO 27001 – Demystified: What It Really Is

Now that we’ve talked about what the ISO 27001 framework is all about and who actually needs it, let’s break it down a little more. ISO 27001:2022 Annex A Structure & Controls: the 2022 version of the standard organizes 93 controls into four main themes: Organisational Controls (Clause 5): 37 controls; People Controls (Clause 6): 8 controls […]

A Beginner’s Guide to ISO 27001 Controls: From Basics to Implementation

Why it Matters, Who Needs It, and Why. Protecting data can really feel overwhelming, especially as the stakes keep getting higher. ISO 27001 offers a way of doing this systematically. However, implementing it seems like a huge and complicated endeavor. It does present some challenges, but once you understand what it’s trying to do, it […]

Behind the Screens – GRC Chaos due to Systems and Processes

Operational Challenges in Implementing Tech GRC. In an earlier post I talked about why organizations face difficulties as they implement a sound Technology GRC program. As I mentioned, there are three types of factors: Environmental, those outside your control; Strategic, how you choose to respond; and Operational, how your response is implemented, which is […]

Is the Human Firewall Up? GRC’s People Issues

As I have mentioned earlier in my blogs on “Cyber Attacks – What You Can’t See Can Hurt You”, “Urgent is Loud, Important is Quiet” and “Threats Change Faster Than You Can React”, organizations are constantly changing and evolving in response to the changing marketplace, customer needs, and threat environment. Organizations realize the value […]

From Fines to Foresight: How AI Is Redefining GRC in 2025 (Series 1)

“Could this have been prevented?” That’s the haunting question every technology leader and compliance officer asks after a major failure — when systems go down, customer data is exposed, or auditors uncover gaps that should have been caught months earlier. Take one example: a Fortune 500 global bank fined $1.5 billion for failing to maintain […]

The Technology GRC maze: What a tangled web we have woven

Why manage technology Governance, Risk and Compliance? And how? Because “to err is human; to really mess things up requires a computer.” I am sure you have heard the Paul Ehrlich saying. Now take it a step further and connect those computers. You now have a recipe for conditions that can go from zero to disaster, […]

Complexity of a GRC Program – Are You Losing 4% of Your Workforce Without Noticing?

4% of your workforce. On an ongoing basis! This is what GRC tasks will exact from you if they are not managed well. This is the magnitude of ‘things’ that an organization must deal with just to ensure it is in line with the generally accepted practices to keep its data and computing infrastructure safe […]

Making Compliance Simpler: The Power of the Unified Compliance Framework

Managing technology compliance can get really complex. From GDPR and HIPAA to ISO 27001, NIST CSF, and more, there’s always a new mandate to follow, each with its own requirements, documentation, and reporting formats. There are also regulations from governing bodies like RBI, SEBI, and IRDAI […]

Don’t Wait for a Fire to Test Your Fire Alarm: Check Your GRC Maturity Now

Let’s be honest — Governance, Risk, and Compliance (GRC) often feels like a maze of policies, audits, and checklists. For many organizations, GRC is something they do because they must — not because they truly understand how well it’s working. So, Where Do We Begin? Before you can improve your GRC efforts, you need to […]

Urgent is Loud, Important is Quiet

Are you listening to the quiet stuff? In some of my earlier posts I talked about the factors that influence the challenges organizations face in implementing a sound Technology GRC program. As I mentioned, there are three types of factors: Environmental, those outside your control (covered in an earlier blog); Strategic, how you […]