Governance, Risk & Compliance: GRC

Your one-stop hub for strategic frameworks and best practices that integrate governance, risk management, and compliance into daily operations. Explore insights and real‑world examples that turn complex mandates into clear, resilient programs.

Securing Our Ecosystem and Third-party Risk Management

SAI360’s supplier risk management and assessment requirements comply with ISO 27001 and are published in our Information Security Management System (ISMS). This includes policies relating to pre-contract supplier due diligence and ongoing monitoring of existing supplier relationships. SAI360 has instituted a risk-based approach to performing due diligence on prospective suppliers. The assessments include evaluation of the third party’s controls relevant to the security and data ...

By | 2025-06-13T16:48:07+00:00 | July 11th, 2023 | Data Privacy & Protection |

Technical and Organizational Measures (TOMS)

SAI360's Information Security program includes, but is not limited to, the following:

Roles and Responsibilities: Established roles and responsibilities for information security, data protection, and compliance across the organization, including the assignment of Chief Information Security and Data Protection Officers and an Information Security Management Committee (ISMC) that consists of executive and senior leadership members who provide privacy, security, and compliance oversight.

Risk Management: A risk ...

By | 2025-06-13T16:48:26+00:00 | July 11th, 2023 | Data Privacy & Protection |

Identifying and Addressing Security Threats

Identifying security threats and risks to the SAI360 infrastructure, applications, information assets, and overall environment is a continuous lifecycle, and everyone at SAI360 shares responsibility for maintaining a secure environment. The following section outlines how SAI360 identifies security threats, the mechanisms used to protect against them, and the overall incident response process.

Security Testing

Security testing is a multi-faceted approach in ...

By | 2025-06-13T16:49:23+00:00 | July 11th, 2023 | Data Privacy & Protection |

Personnel Onboarding

HR requires that all SAI360 personnel complete SAI360 Code of Business Conduct training and Security Awareness / Data Protection training within the first 30 days of employment or contractor engagement. Personnel are required to sign Confidentiality Agreements/Non-Disclosure Agreements (NDAs), which require them to agree not to disclose, divulge, or reproduce confidential information that they receive or have access to during their employment or contract work period ...

By | 2025-06-13T16:52:41+00:00 | July 11th, 2023 | Business Continuity |

Compliance with Laws, Regulations and Standards

SAI360 complies with all applicable laws of the countries where it operates. The key legislation applicable to SAI360, in addition to other obligations and applicable national/state laws, is as follows:

201 CMR 17.00 (Massachusetts)
Australian Privacy Act 1988 (C’th)
California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
Colorado Privacy Act (CPA)
Data Protection Act 2018 (UK) and UK General ...

By | 2025-06-13T16:49:46+00:00 | July 11th, 2023 | Data Privacy & Protection |

Securing Our Products and Services

Product and Software Development Lifecycle

Product-related software development is performed by dedicated SAI360 engineering personnel, consisting of system architects, application engineers and database developers. The engineering department is divided by the area of expertise required by product and lifecycle stage. Following the finalization of functional specifications, the general software architecture is determined by the product software architect and a hosting services architect. In some cases, ...

By | 2025-06-13T16:50:21+00:00 | July 11th, 2023 | Data Privacy & Protection |

Security and Data Protection Approach

SAI360’s Information Security and Data Protection program is built on a foundation of standards and leading practices that takes a risk-based, layered and data-centric approach to protecting information assets. These include, but are not limited to, the ISO 27000 series, the NIST Cybersecurity Framework, the SOC Trust Services Criteria, HIPAA, HITRUST and GDPR. SAI360’s security and data protection approaches are described below, including core principles, ...

By | 2025-06-13T16:52:58+00:00 | July 11th, 2023 | Data Privacy & Protection, Uncategorized |

The Importance of a Robust Conflict of Interest Program

Conflict of interest (COI) is a serious issue that can have a significant impact on organizations of all sizes and industries. A COI occurs when an individual or organization has a personal or financial interest that could influence their judgment or decision-making. This can lead to biased decisions, decreased productivity, and even legal liability. COIs—which involve situations where an individual or company has a ...

By | 2025-12-22T16:32:46+00:00 | July 11th, 2023 | Healthcare GRC |

Modernizing Your GRC Program

Why maturing your GRC program is essential

Today’s business landscape is rapidly evolving, making it more challenging than ever to manage compliance and risk. Some of the risks companies face now didn’t exist a few years ago, and earlier approaches to minimizing risk no longer work. Now is the time to modernize and future-proof your GRC program. A modern GRC program leverages technology to ...