Identifying security threats and risks to the SAI360 infrastructure, applications, information assets, and overall environment is a continuous lifecycle which everyone at SAI360 has a responsibility to protect in order to maintain a secure environment. The following section will outline how SAI360 identifies security threats, mechanisms to protect against them and overall incident response process. Security Testing Security testing is a multi-faceted approach in ...
HR requires all SAI360 personnel complete SAI360 Code of Business Conduct training and Security Awareness \ Data Protection training within the first 30 days of employment or contractor engagement. Personnel are required to sign Confidentiality Agreements/Non-Disclosure Agreements (NDA’s), which require them to agree not to disclose, divulge, or reproduce confidential information that they receive or have access to during their employment or contract work period ...
SAI360 complies with all applicable laws of the countries where it operates. The key legislation applicable to SAI360, in addition to other obligations and applicable national/state laws, is as follows: 201 CMR 17.00 (Massachusetts) Australian Privacy Act 1988 (C’th) California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) Colorado Privacy Act (CPA) Data Protection Act 2018 (UK) and UK General ...
Product and Software Development Lifecycle Product related software development is performed by dedicated SAI360 engineering personnel, which consists of system architects, application engineers and database developers. The engineering department is divided by area of expertise required by product and life cycle. Following the finalization of functional specifications, general software architecture is determined by the product software architect and a hosting services architect. In some cases, ...
SAI360’s Information Security and Data Protection program is built on a foundation of standards and leading practices which takes a risk based, layered and data centric approach in protecting information assets. This includes but is not limited to ISO 27000 series, NIST Cyber Security Framework, SOC Trust Service Criteria, HIPAA, HITRUST and GDPR. SAI360’s security and data protection approaches are described below, including core principles, ...
Conflict of interest (COI) is a serious issue that can have a significant impact on organizations of all sizes and industries. A COI occurs when an individual or organization has a personal or financial interest that could influence their judgment or decision-making. This can lead to biased decisions, decreased productivity, and even legal liability. COIs—which involve situations where an individual or company has a ...
Why maturing your GRC program is essential Today’s business landscape is rapidly evolving, making it more challenging than ever to manage compliance and risk. Some of the risks companies face now didn’t even exist a few years ago. And previous solutions to minimize risk no longer work. Now is the time to modernize and future-proof your GRC program. A modern GRC program leverages technology to ...
Thank you for your interest in our whitepaper. Download In this whitepaper we highlight key considerations for modernizing your GRC program, including: How to assess your current GRC program Ways to engage stakeholders Advice to overcome obstacles Tips for evaluating solution providers
A survey released by SAI360 and Strategic Management Services, LLC shows healthcare compliance programs continue to evolve in response to the ever-changing healthcare landscape. The 14th annual survey, which polled over 200 healthcare organizations, found organizations are increasingly investing in compliance programs, with 80 percent of respondents reporting their compliance budget has increased in the past year. The survey also found organizations are taking a more proactive ...
Watch our webinar, where we highlight the importance of preparing with the APRA CPS 230 framework, best practices being used globally, and how the right GRC technology can help financial institutions meet these requirements. In this webinar, we discuss: An overview of the requirements of APRA CPS 230 and its relation to similar acts such as APRA CPS234 and the EU Digital Operational Resilience Act ...
