Governance Risk and Compliance

Tag: Risk Management

  • ,

    Information Security Policy Framework

    Introduction The information security policies framework is an organization’s primary tool for managing its information security programs. Policies set out an organization’s requirements for protecting data and assets and regulating actions taken by employees and third parties. There are four types of documents that make up an information security program: Policies Policies are statements of…

  • PCI DSS 4.0 compliance required by March 2025

    Introduction The Payment Card Industry Data Security Standard (PCI DSS) 4.0 has been released, but many organizations are still trying to figure out what it means for them. The PCI 4.0 changes have implications for merchants, service providers, their customers, and other parties that process payment card transactions. Organizations should start preparing to comply with…

  • GRC Leadership

  • ,

    Business Recovery Processes

    Introduction Business recovery is the process of bringing your business back online in the aftermath of a disaster. Disaster recovery can happen quickly, but it usually takes longer than expected. It’s important to have a plan in place to recover from any disruption so that you can continue operating with minimum disruption and maximum efficiency.…

  • ,

    Evaluation of Risk – Transfer Risk

    Introduction Risk transfer is the process by which a company moves its financial responsibility to another party. The transferring entity and receiving party must enter into a contract specifying the transfer terms, including what risks will be transferred, how much they will cost, and what types of incidents will trigger coverage. Risk-transfer contracts are often…

  • Business Impact Analysis

    Introduction A business impact analysis (BIA) is a process that identifies the critical elements of an organization’s operations and data and develops strategies to recover quickly from any disruption or disaster. A BIA helps you identify the most critical assets and activities your organization needs to protect and enables you to prioritize recovery efforts in…