French Caldwell

A member of the Gartner Blog Network

Archives for October, 2012


Expect to Hear About How Social Tech Enabled Self Relief in Sandy

by French Caldwell  |  October 31, 2012  |  2 Comments

I expect to hear a lot of stories about social technology keeping people connected in the aftermath of Sandy — just as after Katrina.  However, I am also expecting these stories to take a twist — we will hear about how neighbors organized self-relief efforts using social media. Social media has been playing a part […]

Category: public policy Risk Management Social Technology

A Really Helpful Regulatory Change Tool

by French Caldwell  |  October 26, 2012  |  Comments Off

One of the questions I get all the time is, “Where can I find what regulations apply to me?” I talked this morning to Fred Diers, who has created GRMpedia, which tracks regulations and their retention and reporting requirements. Regs tracked include marketing, finance, research and development, EHS, contracts, leases, IP, governance, HR and others. […]

Category: compliance GRC public policy

The Risks Are Always Greener on the Other Side

by French Caldwell  |  October 24, 2012  |  Comments Off

I’m here at Orlando Symposium talking to a good colleague, Neil McDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard?  That way customers can see for themselves […]

Category: Cloud GRC Risk Management

One Week Left to the Rockefeller Cybersecurity Deadline — CEOs, What Do You Want To Do?

by French Caldwell  |  October 12, 2012  |  Comments Off

In the last week I’ve had two calls with companies deciding how to respond to the cybersecurity letter that Sen. Rockefeller sent to the CEOs of Fortune 500 companies.  The deadline to respond is 19 October. CEOs are not required to respond, and with the demise of the Cybersecurity Act of 2012, it’s tempting not […]

Category: Cybersecurity public policy Risk Management

BioNet Risks — Will Your Smartphone Catch the Flu?

by French Caldwell  |  October 11, 2012  |  Comments Off

Wow – just as we’re starting to grapple with the future of risk from social media, along come researchers with the biological internet. The Harvard DNA storage story broke a few months ago, and now researchers at the Stanford School of Medicine have gotten cells to communicate through DNA packets – with a range of […]

Category: Uncategorized

Oh, Michael — Your Rant ….

by French Caldwell  |  October 10, 2012  |  1 Comment

Dear Michael – Good to hear from you.  Thanks for sending me your latest blog post.  I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts.  But I get it, it’s not me; […]

Category: Applications compliance GRC Risk Management

Time to Stop Misusing SSAE 16 in Vendor Marketing

by French Caldwell  |  October 9, 2012  |  5 Comments

Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with the headline, “Prolexic Completes SSAE 16 Examination for Distributed Denial of Service (DDoS) Attack Mitigation Services.” SSAE 16 (aka SOC 1) like SAS 70 before […]

Category: Cloud compliance GRC Standards Vendor Contracts