Entries Tagged as 'compliance'
by French Caldwell | October 26, 2012 | Comments Off
One of the questions I get all the time is, “Where can I find what regulations apply to me?” I talked this morning to Fred Diers who has created GRMpedia which tracks regulations and their retention and reporting requirements. Regs tracked include marketing, finance, research and development, EHS, contracts, leases, IP, governance, HR and others. [...]
Category: compliance GRC public policy Tags: compliance, Financial Regulations, Privacy, records retention
by French Caldwell | October 10, 2012 | 1 Comment
Dear Michael – Good to hear from you. Thanks for sending me your latest blog post. I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts. But I get it, it’s not me; [...]
Category: Applications compliance GRC Risk Management Tags: compliance, GRC, Risk Management
by French Caldwell | October 9, 2012 | 5 Comments
Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with the headline, “Prolexic Completes SSAE 16 Examination for Distributed Denial of Service (DDoS) Attack Mitigation Services.” SSAE 16 (aka SOC 1) like SAS 70 before [...]
Category: Cloud compliance GRC Standards Vendor Contracts Tags: cloud, compliance, vendor risk management
by French Caldwell | July 1, 2012 | 1 Comment
Risk management and compliance is a hot topic and nowhere is it hotter than in banking. And with all the banking scandals which illustrate more and more risk management failures in banking, it’s easy to overlook a fairly innocuous story on how one bank is taking the leap into social media in a big [...]
Category: Uncategorized Tags: compliance, social
by French Caldwell | October 17, 2011 | Comments Off
This is my 13th Orlando Symposium as a Gartner analyst. I’m finding now that some clients are scheduling 1-1s because they know me and want to talk to me — regardless of what I cover as an analyst. That’s nice, but a bit of a challenge — I hate to tell you this, but I [...]
Category: compliance GRC Risk Management Tags: compliance, Gartner Symposium, GRC, strategy, symposium
by French Caldwell | March 31, 2011 | Comments Off
Shortly the Federal Trade Commission will publish in the Federal Register a proposed consent order as part of a settlement with Google with respect to privacy audits. The consent order comes about because of Google violating its own Gmail privacy policies when it launched Google Buzz. According to the FTC press release: The proposed settlement [...]
Category: compliance public policy Tags: compliance, Privacy, Public Policy
by French Caldwell | January 12, 2010 | 6 Comments
I’ve been involved in some discussions recently around GRC that remind me about the arguments around KM — as to whether it is a valid term or not. The antagonists argue that GRC does more harm than good. They argue that the term creates market confusion, that the vendors that claim to offer GRC solutions [...]
Category: Uncategorized Tags: compliance, governance, GRC, knowledge management, Risk Management, strategy
by French Caldwell | January 10, 2010 | 3 Comments
While most GRC market watchers were analyzing the EMC-Archer deal, another perhaps even more telling merger was occurring. The CEOs of BPS and Resolver, two small Canadian enterprise GRC platform vendors, brought their two companies together. BPS’ market focus has been large companies, while Resolver has focused on small to mid-size companies. The combination of [...]
Category: Uncategorized Tags: compliance, GRC, Risk Management