French Caldwell

A member of the Gartner Blog Network

Entries Tagged as 'vendor risk management'


#RSAC Buzz — Regulators Raising the Bar on Vendor Risk Management

by French Caldwell  |  February 27, 2014  |  2 Comments

  I went to the RSA conference once  — it was really busy and hearing from my buddies at the front, it’s now busier than ever.  So much for the boycott, eh? A lot of my security buddies are at RSA this week, and are broadcasting the buzz back to the rest of us here […]

2 Comments »

Category: Cloud compliance Cybersecurity Risk Management Third Party Risk Management Vendor Contracts     Tags: , , ,

A Revolution in GRC Affairs at Gartner (or burning the EGRC mq)

by French Caldwell  |  February 4, 2014  |  3 Comments

Gartner’s coverage of vendors in the GRC marketplace is about to change.  The main reason for the change, as noted in the most recent Enterprise Governance, Risk and Compliance Platforms Magic Quadrant, is that GRC solutions buyers are shifting away from a platform-centric approach to one focused on targeted solutions for specific use cases. A […]

3 Comments »

Category: Applications compliance GRC IT Governance Risk Management     Tags: , , , ,

The Risks Are Always Greener on the Other Side

by French Caldwell  |  October 24, 2012  |  Comments Off

I’m here at Orlando Symposium talking to a good colleague, Neil McDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard?  That way customers can see for themselves […]

Comments Off

Category: Cloud GRC Risk Management     Tags: , ,

Time to Stop Misusing SSAE 16 in Vendor Marketing

by French Caldwell  |  October 9, 2012  |  5 Comments

Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with the headline, “Prolexic Completes SSAE 16 Examination for Distributed Denial of Service (DDoS) Attack Mitigation Services.” SSAE 16 (aka SOC 1) like SAS 70 before […]

5 Comments »

Category: Cloud compliance GRC Standards Vendor Contracts     Tags: , ,