Thank you for your interest in our Investment Guide. Download In this GRC Investment Guide, we discuss: An overview of Governance, Risk and Compliance GRC software - The missing piece of the puzzle Embarking on your journey to GRC software implementation
SAI360’s supplier risk management and assessment requirements comply with ISO 27001 and are published in our Information Security Management System (ISMS). This includes policies relating to pre-contract supplier due diligence and ongoing monitoring of existing supplier relationships. SAI360 has instituted a risk-based approach to performing due diligence on perspective suppliers. The assessments include evaluation of the third party’s controls relevant to the security and data ...
SAI360's Information Security program includes, but is not limited to, the following: Roles and Responsibilities: Established roles and responsibilities for information security, data protection, and compliance across the organization including assignment of Chief Information Security and Data Protection Officers, and Information Security Management Committee (ISMC) that consist of executive and senior leadership members who provide privacy, security, and compliance oversight Risk Management: A risk ...
Identifying security threats and risks to the SAI360 infrastructure, applications, information assets, and overall environment is a continuous lifecycle which everyone at SAI360 has a responsibility to protect in order to maintain a secure environment. The following section will outline how SAI360 identifies security threats, mechanisms to protect against them and overall incident response process. Security Testing Security testing is a multi-faceted approach in ...
HR requires all SAI360 personnel complete SAI360 Code of Business Conduct training and Security Awareness \ Data Protection training within the first 30 days of employment or contractor engagement. Personnel are required to sign Confidentiality Agreements/Non-Disclosure Agreements (NDA’s), which require them to agree not to disclose, divulge, or reproduce confidential information that they receive or have access to during their employment or contract work period ...
SAI360 complies with all applicable laws of the countries where it operates. The key legislation applicable to SAI360, in addition to other obligations and applicable national/state laws, is as follows: 201 CMR 17.00 (Massachusetts) Australian Privacy Act 1988 (C’th) California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) Colorado Privacy Act (CPA) Data Protection Act 2018 (UK) and UK General ...
Product and Software Development Lifecycle Product related software development is performed by dedicated SAI360 engineering personnel, which consists of system architects, application engineers and database developers. The engineering department is divided by area of expertise required by product and life cycle. Following the finalization of functional specifications, general software architecture is determined by the product software architect and a hosting services architect. In some cases, ...
SAI360’s Information Security and Data Protection program is built on a foundation of standards and leading practices which takes a risk based, layered and data centric approach in protecting information assets. This includes but is not limited to ISO 27000 series, NIST Cyber Security Framework, SOC Trust Service Criteria, HIPAA, HITRUST and GDPR. SAI360’s security and data protection approaches are described below, including core principles, ...
Conflict of interest (COI) is a serious issue that can have a significant impact on organizations of all sizes and industries. A COI occurs when an individual or organization has a personal or financial interest that could influence their judgment or decision-making. This can lead to biased decisions, decreased productivity, and even legal liability. COIs—which involve situations where an individual or company has a ...
Why maturing your GRC program is essential Today’s business landscape is rapidly evolving, making it more challenging than ever to manage compliance and risk. Some of the risks companies face now didn’t even exist a few years ago. And previous solutions to minimize risk no longer work. Now is the time to modernize and future-proof your GRC program. A modern GRC program leverages technology to ...
