Entries Categorized as 'compliance'
by French Caldwell | February 6, 2013
Even as the economic recovery gains momentum, risk management and compliance are still growing in importance. This trend should continue until there is a shift politically and culturally toward deregulation. In the Gartner CEO survey, regulatory risk was ranked as the number one business risk, and in the Gartner Forbes Board survey, risk management, legal [...]
Category: compliance, Legal IT, Risk Management
by French Caldwell | January 30, 2013
I’m on the road this week — first Boston for client visits and then PwC’s industry analyst summit, and now New York for a day at the LegalTech conference. What struck me most with PwC is how they were talking SMAC — the convergence of social, mobile, analytic and cloud technologies — what Gartner calls [...]
Category: Cloud, compliance, Legal IT, Social Technology
by French Caldwell | January 25, 2013
I’ve read through new draft guidance from U.S. financial services regulators on the use of social media. What struck me most is that instead of taking a compliance and control point of view, it talks instead of risks, and the need to ensure that social media risks are included in your risk management program. That’s [...]
Category: compliance, public policy, Risk Management, Social Technology
by French Caldwell | January 3, 2013
I had a good discussion with Erik Heidt today about IT GRC management tools. We were talking about why there is an IT GRCM market that is distinct from the EGRC platform market. It’s clear that there is a separate market — vendors like Agiliance, RSAM, Lockpath and Modulo are IT GRC specific. The buyer [...]
Category: Applications, compliance, Cybersecurity, GRC, Risk Management
by French Caldwell | October 26, 2012
One of the questions I get all the time is, “Where can I find what regulations apply to me?” I talked this morning to Fred Diers who has created GRMpedia which tracks regulations and their retention and reporting requirements. Regs tracked include marketing, finance, research and development, EHS, contracts, leases, IP, governance, HR and others. [...]
Category: compliance, GRC, public policy Tags: compliance, Financial Regulations, Privacy, records retention
by French Caldwell | October 10, 2012
Dear Michael – Good to hear from you. Thanks for sending me your latest blog post. I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts. But I get it, it’s not me; [...]
Category: Applications, compliance, GRC, Risk Management Tags: compliance, GRC, Risk Management
by French Caldwell | October 9, 2012
Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with the headline, “Prolexic Completes SSAE 16 Examination for Distributed Denial of Service (DDoS) Attack Mitigation Services.” SSAE 16 (aka SOC 1) like SAS 70 before [...]
Category: Cloud, compliance, GRC, Standards, Vendor Contracts Tags: cloud, compliance, vendor risk management
by French Caldwell | March 22, 2012
Gartner conducted a global survey of CEOs and other senior executives concerning their business objectives, investment priorities and challenges. Some of the results related to risk management and compliance include: Regulation (22%) is ranked as the biggest business risk. Respondents also mentioned a wide variety of other business risk categories most of which were related [...]
Category: compliance, GRC, Risk Management
by French Caldwell | November 2, 2011
Many risk managers are still in a situation where they’d like to be able to contribute strategically, but they find themselves in the position of spending a lot of time still reacting to events. The upcoming annual meeting season is an opportunity for risk managers to show that they can be more than just the [...]
Category: compliance, public policy, Risk Management, Strategic Planning Tags: ERM, reputational risk
by French Caldwell | October 17, 2011
This is my 13th Orlando Symposium as a Gartner analyst. I’m finding now that some clients are scheduling 1-1s because they know me and want to talk to me — regardless of what I cover as an analyst. That’s nice, but a bit of a challenge — I hate to tell you this, but I [...]
Category: compliance, GRC, Risk Management Tags: compliance, Gartner Symposium, GRC, strategy, symposium