by French Caldwell | January 30, 2013 | Comments Off
I’m on the road this week — first Boston for client visits and then PwC’s industry analyst summit, and now New York for a day at the LegalTech conference. What struck me most with PwC is how they were talking SMAC — the convergence of social, mobile, analytic and cloud technologies — what Gartner calls [...]
Comments Off
Category: Cloud compliance Legal IT Social Technology Tags:
by French Caldwell | October 24, 2012 | Comments Off
I’m here at Orlando Symposium talking to a good colleague, Neil McDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard? That way customers can see for themselves [...]
Comments Off
Category: Cloud GRC Risk Management Tags: cloud, Risk Management, vendor risk management
by French Caldwell | October 9, 2012 | 5 Comments
Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with the headline, “Prolexic Completes SSAE 16 Examination for Distributed Denial of Service (DDoS) Attack Mitigation Services.” SSAE 16 (aka SOC 1) like SAS 70 before [...]
Category: Cloud compliance GRC Standards Vendor Contracts Tags: cloud, compliance, vendor risk management
