Few areas of technology are as contradictory as governance, risk and compliance. A company might do everything to be secure yet still not be in compliance.
For some, maintaining a focus on the governance, risk management and compliance (GRC) landscape is data security nirvana, the epitome of an ideally balanced data strategy. For others, it’s a maddingly frustrating and impossible task where conflicting geographic rules and industry standards make strict compliance untenable and the attempt counter-productive. Just to make life interesting, it turns out that both these perspectives have a semblance of truth.
The most popular suggestion for GRC compliance is to focus on the intent of regulators and standards bodies – most of which base almost everything on security and privacy best practices – and not the letter of their edicts. Many regulators, auditors and assessors are much more forgiving when they see that someone truly is trying to deliver a safe and secure environment and avoiding the checkbox mentality approach. That said, “many” does not equal “all,” which is why data security in 2017 is not for the faint of heart.
To read the full whitepaper, along with my comments on the topic, you can download direct from SC Magazine.
About Douglas Barbin
Doug Barbin is managing principal (and co-owner) responsible for firmwide growth and service delivery including new services, sales, global expansion, technology partnerships, business development, marketing, and key client relationships. During his more than 11 years at Schellman, he has been privileged to work with many of the world's leading cloud computing, federal, FinTech, healthcare, AI, and security provider clients. Doug has more than 24 years’ experience, starting with a then Big 6 firm followed by a decade working in the cybersecurity and financial services industries. He maintains multiple CPA licenses, along with CISSP, CIPP, ISO 27001 Lead Auditor, and QSA certifications. He is very active in industry organizations and regularly speaks on commercial and government compliance and its application to cloud and other advanced technologies.