French Caldwell

A member of the Gartner Blog Network

Entries Tagged as 'compliance'


Gartner Legal IT Scenario, 2020 – Smart Machines and LPO Radically Disrupt Legal Profession

by French Caldwell  |  February 28, 2014  |  4 Comments

The first ever Gartner legal IT scenario is out, and it’s both controversial and not.  Many of the disruptions that we discuss in the scenario are well underway, such as the increasing demand for legal process outsourcing (LPO) and the use of advanced analytics  — so what’s new?  Well,  new are the dramatically disruptive effects [...]

Category: Legal IT

A Revolution in GRC Affairs at Gartner (or burning the EGRC mq)

by French Caldwell  |  February 4, 2014  |  3 Comments

Gartner’s coverage of vendors in the GRC marketplace is about to change.  The main reason for the change, as noted in the most recent Enterprise Governance, Risk and Compliance Platforms Magic Quadrant, is that GRC solutions buyers are shifting away from a platform-centric approach to one focused on targeted solutions for specific use cases. A [...]

Category: Applications, compliance, GRC, IT Governance, Risk Management

New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013  |  1 Comment

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of this sort is not optional. I did a study recently on the public comments for my doctor in law and policy program at Northeastern University– [...]

Category: Cloud, compliance, GRC, public policy, Risk Management, Social Technology

A Really Helpful Regulatory Change Tool

by French Caldwell  |  October 26, 2012  |  Comments Off

One of the questions I get all the time is, “Where can I find what regulations apply to me?”  I talked this morning to Fred Diers, who has created GRMpedia, which tracks regulations and their retention and reporting requirements.  Regs tracked include marketing, finance, research and development, EHS, contracts, leases, IP, governance, HR and others.  [...]

Category: compliance, GRC, public policy

Oh, Michael — Your Rant ….

by French Caldwell  |  October 10, 2012  |  1 Comment

Dear Michael – Good to hear from you.  Thanks for sending me your latest blog post.  I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts.  But I get it, it’s not me; [...]

Category: Applications, compliance, GRC, Risk Management

Time to Stop Misusing SSAE 16 in Vendor Marketing

by French Caldwell  |  October 9, 2012  |  5 Comments

Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with the headline, “Prolexic Completes SSAE 16 Examination for Distributed Denial of Service (DDoS) Attack Mitigation Services.” SSAE 16 (aka SOC 1) like SAS 70 before [...]

Category: Cloud, compliance, GRC, Standards, Vendor Contracts

Congratulations to Morgan Stanley Smith Barney for Breaking the Mold on Social Media Compliance

by French Caldwell  |  July 1, 2012  |  1 Comment

Risk management and compliance is a hot topic and nowhere is it hotter than in banking.  And with all the banking scandals which illustrate more and more risk management failures in banking, it’s easy to overlook a fairly innocuous story on how one bank is taking the leap into social media in a big [...]

Category: Uncategorized

My 13th Sym — and I’m Still Not a Security Analyst

by French Caldwell  |  October 17, 2011  |  Comments Off

This is my 13th Orlando Symposium as a Gartner analyst.  I’m finding now that some clients are scheduling 1-1s because they know me and want to talk to me — regardless of what I cover as an analyst.  That’s nice, but a bit of a challenge — I hate to tell you this, but I [...]

Category: compliance, GRC, Risk Management

Make a Statement on the Proposed Google Privacy Consent Order

by French Caldwell  |  March 31, 2011  |  Comments Off

Shortly the Federal Trade Commission will publish in the Federal Register a proposed consent order as part of a settlement with Google with respect to privacy audits. The consent order comes about because of Google violating its own Gmail privacy policies when it launched Google Buzz. According to the FTC press release: The proposed settlement [...]

Category: compliance, public policy

We Come to Kill GRC, Not to Praise IT

by French Caldwell  |  January 12, 2010  |  6 Comments

I’ve been involved in some discussions recently around GRC that remind me about the arguments around KM — as to whether it is a valid term or not.  The antagonists argue that GRC does more harm than good.  They argue that the term creates market confusion, that the vendors that claim to offer GRC solutions [...]

Category: Uncategorized