2021 Healthcare Compliance Benchmark Report (pdf)
The 2021 Healthcare Compliance Benchmark Survey was designed to help compliance officers understand how their compliance program relates to the industry in the U.S.
A Review of Work from Home Strategies Pre-, During and Post-Pandemic (pdf)
This report was designed to learn more about the impact of work-from-home decisions made throughout the pandemic, to understand how to ensure a resilient organization.
5 Best Practices in Managing Data Privacy
International Data Privacy Day is January 28th. Here's a quick refresher of five best practices for organizations to manage data privacy risk by protecting personal data.
Regulatory Change Management Made Simple through GRC Software (pdf)
GRC software offers the tools to enable the business to efficiently operationalize and monitor regulatory change and effectively manage compliance risk.
Ensuring Health Plan Compliance with Federal Regulations
Why and how health plans can leverage strategic partnerships with technology providers that specifically address vendor risk management (VRM) to comply with ACA rules.
The Future of Regulatory Change Management
Does regulatory change happen in a vacuum? Or is it a reactive process? What do we need to look out for in 2022?
2020 HIPAA Compliance Benchmark Report (pdf)
This report summarizes the findings from the 2020 National HIPAA Compliance Benchmark Survey conducted by SAI360 and Strategic Management Services.
How Financial Services Benefits by Integrating Vendor Risk and Business Resilience Programs
This paper is a road map to integrate vendor and business continuity disciplines in financial services by aligning technological advances and best practices with evolving risk appetites and tolerance
Qualifying and Quantifying the Costs and ROI of Business Continuity Plans
Making the case for high availability outside of IT can be challenging, especially when it comes to budgeting for the cost of disaster recovery or failed business continuity planning.
Are You Team NIST or Team ISO?
These frameworks on managing information security risk don't have similar approaches. Which one is right for your organization, NIST 800-39 or ISO 27005?
