Blog

In less than 10 months, the General Data Protection Regulation (GDPR), the most important change in data privacy in 20 years, will take effect on May 25, 2018. The GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and standardize personal data protection.

The new regulation will replace the current data protection directive of 1995, and is truly democratizing data privacy. Its objectives are to give European c

Now Available: A web based interactive map in WPS! The map generates a complete overview of all permit requests, work permits and isolations (LOTO).  Go to https://www.workpermitsystem.com/functionalities/interactive-map for more information.

Building for Success

Microservices Essentials for Executives: The Key to High Velocity Software Development

Source:

Richard Li

forENTREPRENEURS

“Software is eating the world” – Marc Andreesen

Companies thriving in the new world order have technology as a core competency. They build complex cloud applications. They constantly bring new capabilities and features to the market. And despite the constant iteration and updates to their cloud application, their software is rock-solid reliable. How do they

As a leader of an organization, one of the most important tasks is managing enterprise governance, risk, and compliance (GRC). At its core, a compliance program is a set of internal policies and procedures that are put in place at an organization to ensure compliance with all laws and regulations.

The importance of a robust compliance program is especially true in the wake of increasing regulations such as SOX, PCI, and HIPAA and the rapid transformation that has occurred in technology over the l

Cyberattack prevention measures will always be necessary. The constant threat of data breaches and other hacks is simply a fact of business. Priority targets are no longer limited to retailers and banks; insurers, hospitals, energy producers, and (most recently) a host of law firms are all at risk.

“Hackers broke into the computer networks at some of the country’s most prestigious law firms,” according to The Wall Street Journal. This doesn’t come as much of a surprise: What do organizations like

Conservative estimates of GRC software implementations place the cost at either $200,000 or 50% of total licensing costs, whichever is greater. Even when initial costs are low, many vendors make up for apparent price reductions with professional services, or customizations, required to make the product work. Professional services are so ingrained in the software landscape that many organizations now consider them a necessary evil if they are to reap the benefits of GRC.

But you shouldn’t be payin

Back in 2009, we blogged about the SEC’s decision to require board-level accountability for ERM. This decision was based on the conclusion that inadequate risk management allowed the regulatory failures that ultimately led to the financial crisis. As we wrote in that post, “boards are now required by the SEC to report in depth on how their organizations identify risk, set risk tolerances, and manage risk/reward trade-offs throughout the enterprise.”

That blog detailed an important ruling: it refe

Current research suggests that traditional risk management practices involving risk registers and software packages like Microsoft Excel might not be very effective anymore. Events over the recent years, e.g. 9/11, the financial crisis, or the nuclear disaster in Japan, have shown us that current risk management tools are insufficient to cope with (future) undesirable events.

Effective risk management is mainly about people and communication. Hence, we may need a more “human” approach to managing

LogicManager was recognized in a leading industry analyst’s most recent evaluation of the top 14 GRC software vendors. We take pride in the continued refinement of our product offerings and capabilities, as well as customer satisfaction levels unparalleled in the governance, risk, and compliance market.

LogicManager’s business model is designed to remove frustrations common with GRC solutions:

• Software upgrades are included in the subscription. They are also seamlessly integrated so your use of th

The role of today’s risk managers is clear: to close the gap between strategic-level initiatives and the operational risks faced at the activity level.

To do this, many organizations are adopting risk-based GRC programs – both at the request of senior management and to meet the expectations of regulators. A large number of these programs rely on spreadsheets and shared drives to manage information collected across departments and levels. But today’s GRC software solutions are proven to unlock val

In light of recent events, the Environmental Protection Agency is using new monitoring techniques to evaluate the quality of companies’ classifications and reporting of hazardous materials. Ironically, as we all learned recently, even the EPA itself isn’t immune to catastrophic, if preventable, mistakes. New compliance regulations increase the importance of standardized risk identification, mitigation, and monitoring strategies.

Two takeaways from this new development:

1. A variety of companies, part

Despite the growing necessity of robust risk management software for companies of all sizes, it’s easy to think of risk solutions as akin to insurance, like guardrails that prevent a vehicle from careening off a narrow mountain road; the thought of actually needing them in the event of a failure is too unsettling to dwell on.

That functionality is of course important, but what about day-to-day operations and costs? An efficient risk management process starts with identifying and assessing risks a

This past April, an Air Force reconnaissance airplane caught fire. At the time, 27 airmen were on the plane, and all their lives were put in danger. What went wrong and caused this costly error? According to U.S. Air Force investigators, the mistake traces back to an error in vendor management. In this case, a vendor failed to properly secure an oxygen tank, resulting in a “highly flammable oxygen-rich environment that ignited.”

Findings also indicate that problems with the military contractor ma

Take the Risk out of ERM and GRC Software

Forrester predicts that by the end of 2015, over half of all ERM and GRC software implementations will be done through Software-as-a-Service (SaaS) models. While SaaS GRC software is undoubtedly gaining traction and market share, many organizations are still hesitant to pursue SaaS solutions. Organizations fear housing organizational data “in the cloud” (a myth we explore below), and fall victim to the common misconception that on-premise solutions provid

Enterprise Risk Management (ERM) Software, unfortunately, is a poorly defined (and often poorly executed) concept, but by structuring your vendor selection around the core concepts of Enterprise Risk Management, Risk Managers can mitigate the inherent risks that accompany a software implementation.

Common Pitfalls of ERM Programs

The common maturity process of an ERM programs looks something like this: define our purpose with an ERM charter, define our process, and then seek automation to support

The Baker/baker complex, as illustrated in Joshua Foer’s Moonwalking with Einstein, states that if you ask one person to remember a baker and another to remember a man named Baker; the person asked to remember the proper noun will struggle far more than the person asked to recall the bread maker.

Same word, two very different outcomes because one provides your memory with context, while the other floats independently, devoid of the connections and methodology that improve our recall.

At LogicManag

The RIMS Risk Management Society (LogicManager’s co-author for the RIMS Risk Maturity Model) promotes the adoption of Risk Committees for organizations looking to formalize their enterprise risk management processes.

With more organizations adopting risk committees or similar governance groups, the question remains: What should risk managers present to their risk committee; or conversely, what should risk committees ask that their managers present to them?

Forrester Research, in their report on me

Last week, Insurance News Net’s Trish Ennis examined the relationship between occupational  health, safety risk management and reputational risk.

Texas City refinery. Upper Big Branch mine. Deepwater Horizon. Tazreen Fashions factory. Rana Plaza. Each of these tragedies was caused by a chain of events that included safety and health system deficiencies. They have something else in common, too: They all caused significant damage to the reputations of the organizations involved.”

Ennis highlights an

One of the most frequently cited differences between Software-as-a-Service (SaaS) and On-Premise installations is the degree of flexibility between each type of solution. With SaaS solutions on the rise for GRC and Risk Management Software, more and more organizations are realizing that everything they thought they understood about the differences between SaaS and On-Premise is wrong. So what can we learn from their mistakes?

A Conflict of Interest

On-Premise vendors make about 50% of their revenu

Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around “Coordination. Cooperation. Collaboration.”

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat