by
Morgan Prost / May 22, 2026
What happens if your tools get it wrong? During our KP Panel Interview hosted by Allie Krings, we got to hear from our Director of Quality Assurance, Jeneil, about what she’s seeing in the field: when organizations change how they talk about risk, everything else changes too. A risk-aware culture anticipates threats, while a reactive culture responds only after harm occurs. A reactive culture is easy to spot – it…
by
Morgan Prost / May 22, 2026
A good audit doesn't exist to hand out gold stars. Sometimes, the best compliment an auditor can receive is:"You were tough on us."On a recent call, the project director at a client company said exactly that about Shannon Lane's audit — and meant it as the highest praise.They'd worked with plenty of auditors before, but Shannon's approach was different. Where others moved quickly through the checklist, Shannon dug deeper, pushed…
by
Morgan Prost / May 22, 2026
Just because you bought a tool doesn't mean you're ready. Just because you’ve bought a tool doesn’t mean you are ready, you’ve just started. Kyle Pardue, KirkpatrickPrice’s VP of Sales, has noticed a growing trend: more prospects are pursuing audits for the first time, and putting GRC tool selection ahead of auditor evaluation. In one case, a company had purchased a GRC tool eight months before reaching out, only to admit, “We’re…
by
Morgan Prost / May 22, 2026
Don't just secure your code, secure the systems that build it. VP of Security Services, Randy Bartels, has seen a major shift in how teams manage their CI/CD pipelines. Jenkins, CircleCI, and other tools are being replaced by GitHub Actions at a rapid pace, but with that shift comes a new layer of responsibility: securing the runners—the Docker containers that execute the workflows and produce the artifacts used in production.In…
by
Morgan Prost / May 22, 2026
A breach notification policy doesn't have to be complex, but it does have to exist. During a recent privacy audit, one of our auditors, Suzette Corley, asked a simple question: “What’s your breach notification process?” The answer? Silence. Followed by: “We’d figure it out if something happened.” That’s more common than you think. Many companies assume they’ll improvise when a breach occurs. But when the clock starts ticking, improvisation becomes…
