The Technology GRC maze: What a tangled web we have woven

Why manage technology Governance, Risk and Compliance? And how? Because to err is human, to really mess things up requires a computer. I am sure you have heard the Paul Ehrlich saying. Now take it a step further, connect those computers. You now have a recipe for conditions that can go from zero to disaster, […]

Complexity of a GRC Program – Are You Losing 4% of Your Workforce Without Noticing?

4% of your workforce. On an ongoing basis! This is what GRC tasks will exact from you if they are not managed well. This is the magnitude of ‘things’ that an organization must deal with just to ensure it is in line with the generally accepted practices to keep its data and computing infrastructure safe […]

Making Compliance Simpler: The Power of the Unified Compliance Framework

Managing Technology Compliance can get really complex. From GDPR and HIPAA to ISO 27001, NIST CSF, and more, there’s always a new mandate to follow, each with its own requirements, documentation, and reporting formats. There are regulations by the governing bodies like RBI, SEBI, IRDAI […]

Don’t Wait for a Fire to Test Your Fire Alarm: Check Your GRC Maturity Now

Let’s be honest — Governance, Risk, and Compliance (GRC) often feels like a maze of policies, audits, and checklists. For many organizations, GRC is something they do because they must — not because they truly understand how well it’s working. So, Where Do We Begin? Before you can improve your GRC efforts, you need to […]

Urgent is Loud, Important is Quiet

Are you listening to the quiet stuff? In some of my earlier posts I talked […]

From Crisis to Compliance: An opportunity to implement SEBI mandates that will ensure Peace of Mind

In a key development for regulated entities, the Securities and Exchange Board of India (SEBI) has extended the deadline for implementing Technology Compliance from the original date to August 31, 2025. The Banking, Financial Services and Insurance (BFSI) sector is navigating legacy technologies, rising risks, and at the same time trying to comply with SEBI […]

Threats change faster than you can react

Environmental Challenges in Technology GRC. “Progress is man’s ability to complicate simplicity” – Thor Heyerdahl. As anything grows, gets wider acceptability, and achieves success, it goes from self-regulation to being regulated by norms. However, this success attracts people who want to take advantage and profit from dubious exploitation of that success. And that finally brings […]

Cyberattacks – What you can’t see can hurt you.

Why is Technology GRC so difficult? “There are only two types of companies: those that know they’ve been compromised, and those that don’t know.” I am sure you have heard some variation of this quote variously attributed to John Chambers (former CEO of Cisco) or to Dmitri Alperovitch (formerly of McAfee). So, why is it […]

Beyond the Checkbox: Making Technology Compliance a Strategic Priority

Why do Enterprises Struggle with Technology Compliance? In the last year, I have talked to leaders such as CXOs, VPs, Technology Heads and CISOs in medium and large organizations to understand how they track and establish if they are doing all they should be doing to secure their Technology assets. The topic of discussion was […]

Technology Compliance – The A-P-I-A framework

As a provider of software solutions and in recent years hosting them on the cloud, we follow security standards diligently. In fact, that is a part of our deliverables to our customers. This write-up comes from the experience of being responsible for the security of our own information assets and those of our customers’. Ensuring […]

Sharing is not always caring!

In IT compliance, control over data sharing is a major preventive step against accidental or intentional data breaches. Here are a couple of cases that could have been avoided with better control over data sharing. Roger Duronio was a UBS Wealth Management systems administrator. In 2006, he used a “logic bomb” to damage the company’s […]