4 Phases of a Compliance Management System (CMS)

by Sarah Harvey / July 23rd, 2015

According to the CFPB, a “robust and effective compliance management system” is a critical component of the structure of an organization. Best practices define a Compliance Management System (CMS) as a set of interrelated or interacting elements that organizations use to direct and control how compliance policies are implemented and compliance objectives are achieved. Since the CMS is essentially the foundation of your organization, let’s start from the bottom and…

5 Topics to Include in Your Security Awareness Training Program

by Sarah Harvey / July 9th, 2015

Regularly training your employees is a critical component of compliance and security in your organization. The risk of an employee not understanding the potential security threats facing them as a frontline target could be just the opening that an attacker needs to create a security breach. You are only as strong as your weakest link, so implementing a regular security awareness training program is crucial to ensure that you’re doing…

Style Guide to Writing Good Procedures

by Sarah Harvey / May 27th, 2015

Last week, we explored the process of writing effective policies. This week we will take a look at what goes into writing effective procedures, the policy counterpart. Procedures are the process or task instructions on how, exactly, a policy is followed. They communicate the responsibility for a task or a process. Where a policy defines the rule as a guide to employees making decisions and mandatory rules that require…

Style Guide to Creating Good Policies

by Sarah Harvey / May 19th, 2015

Countless regulatory compliance and client requirements depend on clear and appropriate policies and procedures to demonstrate how organizations are conducting their business. Without defined policies and procedures, you face the threat of heavy fines from regulatory governing bodies, loss of business, or loss of data. As auditors, we find that many of our own clients struggle with understanding the organization of a policy, what does belong in a policy, what…

Life’s a Breach: 6 Steps of Incident Response

by Sarah Harvey / April 14th, 2015

Cyberattacks and data breaches are things all business owners have learned to accept as a possibility. Breaches and hacks penetrate the headlines almost daily, and as technology continues to evolve, so do the ever-present threats associated with these types of risks. There are two sides to every breach, however: prevention and recovery. You’re most likely already taking steps towards protecting your organization from the possibility of a breach, but have…