Data Security for Business - Servers
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Server security is a fundamental requirement for protecting data.
Data Security for Business - Employees
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Employee security is a fundamental requirement for protecting data.
Data Security for Business - Transmission
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Data transmission security is a fundamental requirement for protecting data.
Data Security for Business - Website & Cloud
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Website and cloud application security is a fundamental requirement for protecting data.
Insider Threat Mitigation Program
Company employees, contractors, and other insiders pose a significant threat to your data security. If not managed properly, the risk of an intentional or unintentional data breach increases significantly. An insider threat mitigation program ensures the continuous evaluation of operations, employee involvement, and safekeeping of your critical data.
Intellectual Property Use and Protection
Intellectual Property (IP) is highly valuable, and is often considered the crown jewel of a company. It's what separates you from competitors. Others may attempt to steal, copy, or destroy your intellectual capital. Protecting these logical assets usually requires a multi-pronged proactive strategy. IP governance provides a structured approach to identify, develop, protect, defend, exploit, and manage the asset.
Patch management is one of the most important methods for reducing the chance of a cyber crime against your business. However, patch management is often a complicated process because of the variety of software used in a company and the effect on a business if a patch rollout fails or is not performed. Reduce the risk of unapplied patches by following a structured approach to patch management.
Industrial Control Systems Security
Equipment used in manufacturing processes has special controls and system requirements. Physical danger to employees, and even to surrounding areas, is possible if access to these Industrial Control Systems (ICS) is breached. Because of these unique requirements, ICS are segregated from a company's IT network and systems. Adherence to these controls will reduce the risk of exposure to criminal elements.
IOT Device Usage Controls
Internet of Things (IoT) devices are found in nearly every aspect of business and life. Historically, security on IoT devices has been lacking, either through design or lack of security updates. Cyber criminals are increasing their attacks against such vulnerabilities. IoT usage controls can greatly shrink the security gaps.
IOT Device Development Controls
Internet of Things (IoT) devices can be physically or virtually connected to computers or other systems. And when a device contains sensitive customer or business information, it becomes a big target for the criminal element. Proper IoT development controls will reduce the security risk to customers using your devices.
Bring Your Own Device (BYOD) is prevalent in the workplace, especially when using contractors and freelancers. When you allow employees to use their personal devices, such as laptops, smartphones, and tablets, to access your system or data, whatever is on that device can infect your system. Managing BYOD reduces the cybersecurity risk.
Data Security Policies and Procedures
Data security policies are a starting point for identifying the security issues most important to a business, in addition to providing employees and contractors a guide for how to properly act while on your systems or using the information. Key vulnerabilities include internet usage on a company network, password requirements, email usage, social media postings, and USB usage.
P2P File Sharing Controls
Employees, contractors, vendors, partners, or anyone else sharing and transmitting your valuable data is a potential point for data corruption or loss. Peer-to-peer (P2P) file sharing is a method to easily swap data between different parties. P2P controls reduce the risk of systems being infected at critical interfaces in the process.
Cybersecurity - Planning
Securing your systems and applications from criminal cyber elements requires a structure that ensures key areas are consistently addressed. A cybersecurity plan focuses on risks, policies and procedures, training, and strategy planning.
Cybersecurity - Incident Response Plan
Cybersecurity events can be small and occur over an extended period, or be large and immediately impact your business viability. An incident response (IR) plan focuses on how to identify, respond to, and recover from such events. Events hit businesses without warning, and a thoughtful plan provides guidance in chaotic moments.
Cybersecurity - Training
Employees and contractors are an asset to maintaining security around your systems. But they can also be a huge liability if uneducated on cybersecurity. A cybersecurity training program ensures everyone in your business stays current and aware of the cyber pitfalls.
Data Usage - Presentation
Companies gather data from many sources, but it often languishes in computers until it becomes obsolete. Using this data can provide new insights into your business, and sometimes provide another source of revenue. A business must focus on using existing data, and supplement it with external data if helpful. Focus on presenting the information and KPIs using dashboards and other visualization tools.
Data Usage - Capture & Analysis
Companies gather data from many sources, but it often languishes in computers until it becomes obsolete. Using this data can provide new insights into your business, and sometimes provide another source of revenue. A business must focus on using existing data, and supplement it with external data if helpful. Develop the discipline to capture and analyze the information generated by your business.
Data Management for Business
Companies rely on data for decision making and managing operations. But when this data is not properly obtained, scrubbed and cleansed, and retained, it is costly. Unhappy customers and vendors, poor decisions, and non-compliance are just a few results. Properly managing your data from the beginning to the end will ensure confidence when using your information.
Data Laws and Regulations by Location
There are multiple laws and regulations related to the security and management of customer data. Regions, countries, and states throughout the world have different requirements. A company is responsible for meeting the specific requirements of each location in which it operates.
Data Regulation EU GDPR
The primary goal of GDPR is to give control of personal data back to citizens and residents of the EU. This is reflected by requirements that subjects give consent before data is processed, that collected data is anonymized (identifying information removed) and safely handled when transferred, and that breaches are handled with the utmost urgency and care. The regulation also applies strict rules to the export of personal data to entities outside of the EU and requires certain types of companies to appoint data protection officers to oversee GDPR compliance within their organizations.
Data Regulation US CA Shine the Light
California Civil Code 1798.83 to .84 requires all nonfinancial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation. Under the California law, businesses may post a privacy statement that gives customers the opportunity to choose not to share information at no cost.
Data Regulation PCI DSS
PCI DSS compliance is essential for any company handling credit card information. It entails maintaining a secure data network, regularly monitoring networks, and implementing security controls, among other rules. Most small-to-medium-sized businesses fall into Level 4 (<20,000 transactions per year) and are required to submit the relevant Self-Assessment Questionnaire (SAQ) report.
Data Regulation US HIPAA
HIPAA sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance. Regulations focus on the handling of medical information, including privacy and security. The regulation requires that any company handling healthcare data, from hospitals to insurance companies, must comply with HIPAA security standards when transmitting and storing electronic protected health information (ePHI).
Data Regulation US HBNR
The Federal Trade Commission (FTC), the nation’s consumer protection agency, has issued the Health Breach Notification Rule to require certain businesses not covered by HIPAA to notify their customers and others if there’s a breach of unsecured, individually identifiable electronic health information. This FTC rule does not apply if you are a HIPAA covered entity or to the extent you are acting as a HIPAA business associate.
Data Regulation US Red Flags Rule
The Identity Theft Red Flags Rule requires financial institutions to implement a program to detect, prevent, and mitigate identity theft.
Data Regulation US SOX 404
The goal of SOX 404 is to implement accounting and disclosure requirements that increase transparency in corporate governance and financial reporting. Focus is on a company's formal system of internal checks and balances. Information technology (IT) controls are specific activities performed by persons or systems to ensure that business objectives are met. IT control objectives relate to the confidentiality, integrity, and availability of data.
Data Regulation US CCPA
The new California data privacy act SB1386 or AB-375 was effective Jan 1, 2020. The CCPA focuses exclusively on data collection and privacy. Citizens have the right to bring a civil action against companies that violate the law.
Data Regulation CAN CASL
The Canadian law sets clear requirements for all commercial emails. The Canadian Radio-television and Telecommunications Commission (CRTC) works hand in hand with its international counterparts—including agencies in the U.S., U.K., and Australia—to investigate and enforce violations of CASL by international senders.
Data Regulation US Privacy Shield
The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law. To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the Privacy Shield Principles. Requirements of the EU-U.S. and Swiss-U.S. Privacy Shield are the same.
Data Regulation US COPPA
Data Regulation US GLBA
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Data Regulation US Disposal Rule
Any large or small business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Disposal Rule requires disposal practices that are reasonable and appropriate.
Data Regulation US CAN-SPAM
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”
Data Regulation US OH Data Protection Act
The Ohio Data Protection Act provides organizations with a legal incentive to achieve a “higher level of cybersecurity” by maintaining a cybersecurity program that substantially complies with any one of the approved industry-recommended frameworks. Companies in compliance with any of the frameworks are entitled to a “legal safe harbor” as a defense against legal claims related to a data breach stemming from alleged failures to adopt reasonable cybersecurity measures.
Data Regulation US CT Gen Statute 42-471
Conn. Gen. Stat. § 42-471 requires any company that collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be "publicly displayed" by posting on a web page, and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.
Data Regulation US DE Code 6-205C
Data Regulation US NV NRS 603A
Nevada Revised Statutes, Chapter 603A, focuses on the security of personal information.
Data Regulation US UT Code 13-37-201
Utah law 13-37-201 to -203, although not specifically targeted at online businesses, requires all non-financial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation.
Risk Assessment and Management
Taking risks is part of doing business. Addressing up front the risks that most affect a particular company and industry helps reduce the negative impact if they occur. The consequences of not addressing risks range from inconvenient to devastating. But managing risks can soften the financial blow and enable long-term success.
Change Control Governance
Physical and digital changes are constantly made in business operations. But connected to each change is often a chain of other actions to consider, both before and after the change. Changes to processes, products, or services have serious ramifications for your success and reputation if done incorrectly. Change control is meant to reduce the chances of a key item being missed or not communicated.
Machinery Controls - Program Management
Proper maintenance on your business machinery and equipment is critical for maximizing its value, whether the equipment is used for manufacturing widgets, doing calibrations, or producing lab results. But machinery maintenance must be consistent and continuous. Establish and manage a program to effectively maintain business machinery and equipment, including documentation, ownership and responsibility, policy and procedures, and training.
Machinery Controls - Maintenance
Proper maintenance on your business machinery and equipment is critical for maximizing its value, whether the equipment is used for manufacturing widgets, doing calibrations, or producing lab results. Great maintenance is preventive and not reactive. Follow a structured method to ensure effective maintenance controls, including inspections, preventive maintenance, operating procedures, safety, and systems access.
Mobile Equipment Management Program
Managing a mobile equipment program covers several areas, primarily focusing on the safety of employees and machinery and ensuring reliable and available equipment. Structured mobile equipment guidelines focus on preventive maintenance, repairs and services, operating equipment, pedestrian safety program, policies and procedures, operator training, spare parts management, accounting for equipment, and meeting laws and regulations.
Project Management - Pre-project Work
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting the competing needs. Considering all the key elements when initiating a project provides the only realistic chance of delivering successful projects. During project initiation, define business expectations by addressing benefits, stakeholders, and a project charter. This is the first of four project management governance topics.
Project Management - Planning
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting all the competing needs. There are many issues to consider when planning for a project, including detailed requirements, cost, schedule, communications and engaging stakeholders, quality, resources, risk, and procurement. Project planning entails how you plan to complete the project, based on the resources and environment within your company. This is the second of four project management governance topics.
Project Management - Execution
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting all the competing needs. There are many issues to consider when undertaking or executing a project, including managing change control, communications, cost control, schedule control, scope control, resources, quality, risk, procurement, closing, and transition to operations. Project execution involves managing, directing, monitoring, and controlling the project details, starting with the project plan and adjusting it to meet the inevitable issues that arise. This is the third of four project management governance topics.
Project Management - Oversight
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting competing needs. There are many issues to consider when overseeing project work, including project selection, programs, portfolio, policies and processes, standards and guidelines, project documentation, and organizational structure. This applies whether you have a formal project management office (PMO) or a small management team to oversee projects. This is the fourth of four project management governance topics.
Disaster Recovery Plan
Like life insurance, a disaster recovery plan (DRP) is something you hope never to use, but it definitely helps if something disastrous happens. A DRP addresses the possible risks to all your key systems, without which your business would have difficulty functioning. Whether a disaster is caused by employees, criminal elements, or nature, preparedness is critical to returning your business to full functionality.
Data Breach Notification
Companies that manage or possess customer or employee personal information are responsible for reporting theft or disclosure of that data. Each state and country has its own requirements for reporting a security breach of personal data. A data breach plan is designed to address the technical and administrative requirements before a data breach occurs so that the focus can stay on breach remediation.
User Access Management
Weak or missing user access controls are a leading way cyber criminals gain access to business data. System and application access controls focus on keeping your user access list current and clean. This requires a focus on terminations, special privileges (admin rights), contractors, and regular reviews.
Privileged Access Management
Unwanted access into systems to abuse or steal valuable company data is usually accomplished using privileged accounts. Privileged accounts provide almost unlimited access to critical business systems and information. Privileged access management (PAM), the active management of privileged system access, is undoubtedly a key component of stopping cyber theft, ransomware, and other system attacks.
Separation of Duties (SOD)
Separation of Duties (SOD), also known as Segregation of Duties, is a key component of many regulations and a focal point for various types of audits. Implementing SOD helps improve compliance and security, reducing the risk of fraud by eliminating conflicts of interest. Know how to identify where one person has excess control over a critical process.
Application Development Controls
Security holes in applications are sought by cyber criminal elements. Whether internal or external applications, security controls are needed to safeguard valuable information. Consistently adhering to basic application development controls reduces the possible vulnerabilities in your systems.
A policy is a documented management statement that identifies an important company issue and states why it needs to be addressed. Clear and concise policies provide all stakeholders with a good understanding of how your business wants to operate. Policy development defines the guidelines for creating these solid policies. The lack of a comprehensive policy can sway a legal opinion and ruling, so it is critical to get the policy right from the beginning.
A successful policy clearly states the requirements for everyone operating within a business. Policy management defines how to maintain existing policies as circumstances change. A policy that does not match what is actually happening in your company is confusing to internal and external stakeholders. In some cases, inaccurate policies may have serious legal ramifications.
Enterprise IT Governance
Regardless of company size and products provided, information technology (IT) is the backbone that keeps it running. But often an IT function is not aligned with company goals. This results in mistrust, frustration, wasted money, and failed projects. IT enterprise governance focuses on aligning and blending IT requirements to keep the lights on and simultaneously work with the business to grow its value.
Every company has areas critical to its success. Any function which keeps the business successful, for example data, processes, or security management, should receive the highest level of scrutiny. To satisfy both internal and external demands, these success factors should be periodically audited and reviewed. This means implementing a simple but effective audit program.
Software License Management
Every company has software to support operations or systems. A software license is the legal right to use this software according to the vendor's terms and conditions. Not adhering to a license agreement has compliance and monetary ramifications. A software license management or governance plan greatly reduces the chance of an expensive compliance issue and helps save money by purchasing and using only licenses that are necessary.
Internal investigations may be required for many reasons, including suspected fraud, safety violations, non-compliance with internal policies, cyber crime, environmental complaints, vendor misrepresentation, harassment, and employee privacy violations. An internal investigation protocol provides a structured approach that ensures any evaluation of what may have gone wrong is carried out properly. Internal investigations are often associated with a serious legal issue. Knowing how to adequately prepare for, execute, follow up on, and close an investigation has a huge impact on legal liabilities.
Compliance and Governance Management
Compliance and governance officers, managers, and regulatory program managers coordinate across a company to ensure process controls align with policies and procedures, which helps ensure your company meets internal and external laws, regulations, and licensing requirements. But long-term success for your compliance function means an ongoing assessment of its personnel and activities.
Comprehensive GRC Program
Failure to meet legal, regulatory, or other compliance requirements can be damaging to a company. Compliance touches upon most, if not all, aspects of a business. Therefore it takes a thoughtful and coordinated effort to ensure everyone understands and adheres to compliance demands. Maintain a structured governance, risk, and compliance (GRC) program that provides effective oversight and helps meet your regulatory needs.
Compliance Effectiveness - Program Design
The U.S. Department of Justice Criminal Division considers certain factors when determining if a company has an adequate and effective corporate compliance program against misconduct. This becomes critical if your company finds itself being investigated for improper behavior. Even if you never expect to be in that position, utilize this structure to ensure the company's compliance program is well-designed.
Compliance Effectiveness - Program Management
The U.S. Department of Justice Criminal Division considers certain factors when determining if a company has an adequate and effective corporate compliance program against misconduct. This becomes critical if your company finds itself being investigated for improper behavior. But even if you never expect to be in that position, utilize this structure to ensure the company's compliance program is adequately resourced and empowered to function effectively.
Compliance Effectiveness - Program in Practice
The U.S. Department of Justice Criminal Division considers certain factors when determining if a company has an adequate and effective corporate compliance program against misconduct. This becomes critical if your company finds itself being investigated for improper behavior. But even if you never expect to be in that position, utilize this structure to ensure the company's compliance program is working in practice.
Vendor Management - Relationships
Materials, products, services and other items consumed by your business ultimately reflect in your product or service. A vendor relationship starts before the contract is signed and continues throughout the life of the partnership. Nurture the often-neglected relationship with strategic vendors using open communication and mutually beneficial problem solving.
Vendor Management - Performance
Materials, products, services and other items consumed by your business ultimately reflect in your product or service. The performance of strategic and critical vendors and suppliers must be measured and analyzed. Focus on tracking issues, establishing key performance metrics, managing contract compliance, and securing shared data.
Vendor Management - Selection Process
Materials, products, services and other items consumed by your business ultimately reflect in your product or service. What comes into your company directly affects what your immediate stakeholders and customers see. Select the best vendor for your business needs by ensuring that business operations are involved in the evaluation, that company requirements are clearly defined, that the vendor demonstrates continuous improvement, and that performance criteria are specified up front.
Vendor Management - Program
Develop a vendor management program that accounts for managing vendor risks, ensures vendor contracts are tightly controlled, communicates and tracks changes to products and processes, and develops appropriate vendor policies and a code of vendor conduct to address key concerns.
Inventory Management - Optimal Levels
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. But an accurate inventory valuation and optimal inventory levels enhance sales and operations.
Inventory Management - Physical Counts
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. Performing accurate physical inventory counts helps confirm that your overall inventory management program is working.
Inventory Management - Reports & Systems
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. Quality inventory metrics and reports ensure the company is focused on the critical inventory management requirements. An inventory system must provide timely, accurate, and secured information.
Inventory Management - Program
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. That is why inventory planning and forecasting must involve all levels of management and nearly all departments. Inventory policies and procedures help ensure a consistent and sustainable approach to inventory planning and operations.
Strategic warehouse planning, efficient processes, performance measurements, workers' health and safety, and plant layout all contribute to effective supply chain fulfillment. Implementing process controls and an optimal floor layout in a warehouse operation are critical to ensuring a customer's order is filled and delivered as promised. In addition, it is absolutely necessary to provide workers a safe environment. Having a sound warehouse management governance program in place will enable you to effectively and efficiently meet order requirements.
An inevitable but essential aspect of selling a product online is having your product returned. Customers often make a purchase based on a company's return policy. It is critical for customer retention and reducing costs to have an active reverse logistics program. There are many aspects of reverse logistics, including clearly articulating the return policy, simplifying the customer requirements, getting back the product, determining what to do with the returned product, and closing the return cycle. Follow a structured approach to product returns governance.
There are strict laws regarding certain minerals often mined from areas of conflict. Critical processes and requirements must be adhered to if you are a downstream company that utilizes these minerals in your products. Based primarily on the Organisation for Economic Co-operation and Development (OECD) Due Diligence Guidance, follow a structured method to ensure you know your supply chain and can be assured that your company has taken reasonable steps to utilize only legitimately obtained conflict minerals.
Environmental Sustainability - Program
Many countries are tightening requirements for adding waste to landfills, cleaning the air and water, and in general improving the environment. At the same time, more consumers want to buy environmentally friendly products. An environmental sustainability program ensures you follow a structured approach for assessing, reporting, and continuously improving.
Environmental Sustainability - Operations
Many countries are tightening requirements for adding waste to landfills, cleaning the air and water, and in general improving the environment. At the same time, more consumers want to buy environmentally friendly products. Environmental sustainability must continuously focus on improving your operations.
Environmental Sustainability - Product
Many countries are tightening requirements for adding waste to landfills, cleaning the air and water, and in general improving the environment. At the same time, more consumers are wanting to buy more environmentally friendly products. Environmental sustainability must focus on continuously improving your products and product packaging.
Business Ethics Practices
Practical steps are necessary to ensure ethical people are hired and employees know how to make sound ethical decisions on a day-to-day basis. Employees, including managers, need to be educated, trained, and engaged. A company must seek to improve the community around them. Creating an ethical organization requires effort to establish and maintain.
Business Ethics Management
Good ethical behavior leads to trusting employees, customers, partners, and vendors, which leads to better company performance. Poor ethics leads to negative feelings about the company, lost opportunities, and even criminal charges. Organizational integrity is created through an ethics program that emphasizes a code of ethics, leadership, self-assessment, confidential reporting, and continuous training.
Every community in which a company operates or employees live has needs. The right thing to do in any society is to provide help and give something back. Develop a community outreach program that will ensure that your company stays focused on being a good corporate citizen.
Worker Health and Safety
One of the most important actions a company can take, and the clearest demonstration of its concern, is to ensure every worker returns home in the same condition as when they left. The well-being of workers and the monetary loss from non-compliance demand focused attention on health and safety (H&S). Developing and maintaining a culture of safety in the workplace absolutely necessitates a structured approach that ensures H&S requirements are understood and lived by all workers.
Mental Health in the Workplace
Workplace mental health and well-being is a critical priority, impacting the health of individual workers and their families, organizational productivity, and the bottom line for businesses. The U.S. Surgeon General's office offers a framework that all companies and industries can follow. Explore ways to better enable all workers to thrive within the workplace and beyond.
Artificial Intelligence Governance
Artificial Intelligence (AI) is integrating into nearly everything we interact with, and the pace of development is accelerating. But AI brings with it certain unique concerns around privacy, built in human bias, ethical and cultural bias, and unintended consequences. The developing and evolving focus on AI governance will help you address these concerns and provide guidance in an area affecting both small and large businesses in nearly all industries.
Robotic Process Automation
Automating processes to manage high volumes of transactions using virtual robotic systems requires adjusting how employees interact with these non-human entities. Robotic process automation (RPA) is not just another system or database tool. There are implications to your workforce, systems, processes, procedures, security, risk, access, and change control. Understand how to properly manage the technical and process changes that a robotic ('bot') system brings to a company.
A growing number of companies who develop software or simply expose their software externally implement a bug bounty program. A bug bounty program provides an additional method to strengthen your cybersecurity position using knowledgeable third parties. Making the vulnerability disclosure program useful and sustainable requires steps which, if consistently performed, provide a great way to proactively reduce application and system security risks.
Focus should be on what differentiates your business from others. Your strength is where a difference is made, not in performing non-core work that many others can accomplish. Whether someone else does the task, job, service, or operation locally, on premise, offshore, or nearshore, proper controls will help ensure a successful outsourcing relationship.
First 100 Days for Leaders
Many leaders/managers are promoted or hired into a new role and expected to establish themselves immediately. This is rarely realistic. But when a company follows a structured approach during the first 100 days and provides guidance for each person moving into a leadership position, stress is reduced and productivity leaps. Most important, the chances of retaining a new leader are greatly increased.
The task of attracting and keeping talented employees is becoming more difficult as it becomes easier to move between companies. Workers are looking for something more meaningful. Focusing on employee participation, or participative management, provides strong motivation to employees. By giving employees more input into decision making, a company becomes more attractive, and an employee sees more opportunities for personal and professional growth. The openness of workplace democracy builds trust and dedication, leading to increased performance.
Organizational Change Management
Change is a given and a requirement for long-term success for any business. Therefore you must constantly be prepared to change your organization and, even more important, ensure that the organization is always accepting of and willing to change. Develop a governance program to enable unceasing organizational change management. Implement key change processes that keep your organization focused on looking forward to new opportunities and continuous improvement.
Systems and software applications are often purchased and implemented without knowing the life cycle costs. Replacing or keeping an existing business application only makes financial sense if you know the true costs and risks to support and maintain an application. The true total cost of ownership (TCO) via technology business management (TBM) will guide your decision making and strategic planning.
Prepare a Business to be Sold
There are many reasons an owner may want to sell a company, such as retirement, illness, moving on to something else, financial difficulties, divorce, or a hot market. To maximize a company's value, an owner should start preparing a business for sale at least two years before approaching potential buyers. Be prepared to provide buyers with what they want to see before they ever ask. You can attract more buyers by demonstrating how well run your company is and why it would be a good investment.
A treasury function manages some of the most critical assets of a company. The data is highly sensitive and valuable. It is also heavily scrutinized both internally and by many external entities. Therefore, internal controls around the treasury function must be well defined and followed. Ensure your financial instruments are properly managed, optimized, meeting agreements, tracked and recorded, and secured.
Financial Crime - Anti-bribery
An organization is responsible for ensuring that a person within the organization, or a company performing services for it, does not commit bribery on its behalf. Companies that do not implement adequate anti-bribery controls can be held liable for failing to prevent a person from bribing to benefit the organization. But adhering to a structured anti-bribery program provides a defense against prosecution and can mitigate the financial impact if one is caught breaking the law.
Financial Crime - Sanctions
Sanctions are government restrictions on the import or export of certain goods and services, often to or from a specific individual, company, or country, to advance foreign policy objectives. Conducting business with a sanctioned entity creates severe legal and financial liabilities. Avoid penalties by developing a sanctions governance program to help manage economic sanctions and trade embargoes.
Getting Started in Governance
New to governance, compliance, and process controls? Looking for a more structured method to manage your business operations? Let us help you build a roadmap. This topic will quickly determine where to begin based on your particular needs. Once you have the basics, expand to other topics that will benefit your business.
Healthcare Facility - Program Management
A good governance program is crucial for successfully managing a healthcare facility. It helps ensure that a hospital operates effectively and efficiently, and complies with laws, regulations, and ethical standards. It establishes policies and procedures for managing staff and patients and protecting patient safety, health, and rights. A governance program provides a framework for managing risks, continuous improvement, and quality assurance.
Healthcare Facility - Operations Management
Structured and documented operations management for a healthcare facility provides guidance for management and staff structure, oversight, decision-making, and accountability. A governance program should include processes for managing staffing, ensuring patient safety and well-being, and compliance with legal and regulatory requirements. Neglecting to have an operations management program in a healthcare facility can result in confusion and inconsistency in day-to-day operations, leading to decreased patient satisfaction, lower staff morale, and potential legal issues.
Healthcare Facility - Risk Management
A risk management program for a healthcare facility serves to enhance patient safety and quality of care by identifying and mitigating potential risks and errors, ultimately safeguarding patients from harm. Without a comprehensive risk management program, there is a heightened possibility of adverse clinical events, reporting errors, unauthorized data access, poor patient health, neglect, staffing shortages, negligent third parties, malfunctioning medical equipment, infectious diseases, and safety breaches. Ignoring the risks at healthcare facilities can result in harm to patients, legal liabilities, reputational damage, and negative financial consequences.
Healthcare Facility - Patient Rights
A patient rights program for a healthcare facility ensures its patients' well-being, dignity, and rights. Such a plan outlines policies, procedures, and processes for maintaining patient autonomy, privacy, and respect, and fostering a supportive and empowering environment. Neglecting to have a comprehensive patient rights program can result in inadequate or inconsistent care and a potential violation of patients' legal rights.
Healthcare Facility - Clinical Staff Management
A staff management program for a healthcare facility helps ensure the hospital is staffed with qualified, competent, and motivated caregivers who provide quality care and services to the patients. A focused program and consistent planning help to attract and retain skilled and dedicated staff members. Without proper planning and management, staff turnover rates can increase, leading to increased costs for recruitment and training, burnout, stress, and dissatisfaction among caregivers, causing a decrease in the quality of care provided to patients.
Healthcare Patient Safety and Quality Improvement
A patient safety and quality improvement (PSQI) governance program reinforces the importance of safety among staff members, enabling healthcare facilities to identify, analyze, and address safety concerns and continuously improve patient care. Improving patient safety includes managing the overall program to ensure it remains viable long term, developing a patient safety plan, reporting patient safety incidents, analyzing patient safety data to continuously improve results, and creating a safety culture among staff members.
Healthcare Remote Services
A healthcare facility utilizing remote healthcare services needs a governance plan to ensure the safe, efficient, and effective delivery of patient care to remote locations. Maximize the benefits and minimize the issues of remote healthcare by establishing a comprehensive governance strategy, whether covering telehealth/telemedicine, remote patient monitoring, virtual visits, on-demand care, storefront telehealth, mobile health apps, online health portals, remote diagnostic services, e-consultations, or remote mental health services.
Healthcare Credentialing and Licensing - Program Management
A credentialing and licensing governance program is imperative for healthcare facilities to ensure the highest standards of patient care, regulatory compliance, and operational efficiency. Such a plan establishes structured processes that verify healthcare providers' qualifications, licenses, and certifications. The absence of a credentialing and licensing governance plan could lead to unverified providers delivering care, putting patient safety at risk, and inviting legal and regulatory challenges.
Healthcare Credentialing and Licensing - Verification
Verifying the credentials and licenses of candidates seeking privileges at a healthcare facility is crucial for maintaining patient safety, regulatory compliance, and effective clinical operations. These policies and procedures help ensure that only healthcare providers with the necessary qualifications, competencies, and certifications are retained. The absence of such policies and procedures could result in inadequate verification of providers' credentials, jeopardizing patient safety, inviting regulatory penalties, and tarnishing the facility's credibility.
Healthcare Food Safety - Program Management
A food safety governance program at a healthcare facility is essential to ensure that safe and nutritious meals are consistently provided to patients. The absence of a robust food safety plan can lead to severe consequences, such as foodborne illnesses among vulnerable patients, regulatory violations, legal liabilities, damage to the facility's reputation, and potential financial losses. Maintain a robust food safety program to prevent adverse outcomes and ensure the well-being of patients, staff, and visitors within the facility.
Healthcare Food Safety - Operations
An operational food safety governance plan ensures that food is stored, prepared, and handled in a manner that minimizes the risk of contamination and foodborne illnesses among patients and staff. It also helps streamline food-related processes, reducing waste and enhancing efficiency. On the flip side, lacking a comprehensive operational plan can lead to serious consequences, including foodborne outbreaks, legal liabilities, regulatory fines, damage to the facility's reputation, disruptions in the supply chain, and compromised patient care. Hence, an operational plan for food safety serves as a cornerstone for upholding the highest standards of healthcare.
Healthcare Infection Outbreaks - Program Management
Managing infection outbreaks at a healthcare facility necessitates a well-structured program to ensure systematic infection control measures, timely responses to outbreaks, and effective resource allocation. A governance program provides clear leadership, accountability, guidelines, and a proactive approach to mitigate risks, plus ensures preparedness and helps maintain public trust in the face of infectious threats within healthcare settings. Conversely, the absence of a governance plan can lead to negative consequences, including increased infection rates, compromised patient safety, potential legal liabilities, resource mismanagement, and damage to the facility's reputation.
Healthcare Infection Outbreaks - Operations
Effectively managing infection outbreaks at a healthcare facility necessitates a robust operational plan to ensure that healthcare providers can prevent the spread of infectious diseases and respond swiftly and systematically to outbreaks. Operational controls focus on cleanliness and hygiene, limiting exposure, proper disposal, and monitoring for outbreaks. However, the absence of a comprehensive operational plan can lead to delayed responses, inadequate allocation of critical resources, confusion among staff, and the potential for rapid infectious disease spread within a facility.
Healthcare Antimicrobial Stewardship Program
Antimicrobial stewardship is a critical component of infection control in healthcare facilities and society. It involves the responsible use of antibiotics and other antimicrobial agents to prevent the development of antibiotic resistance and improve patient outcomes. The absence of an antimicrobial stewardship governance plan can lead to rampant overuse and misuse of antimicrobials, fostering the development of drug-resistant infections that are challenging to treat and increasing healthcare-associated infections. Additionally, it can expose the facility to legal and regulatory risks, damage its reputation, and strain its resources.
Healthcare Medical Equipment - Program Overview
An overall governance program for medical equipment in a healthcare facility is essential to ensure the equipment's effective management, safety, and compliance throughout its lifecycle. This program includes management's responsibilities, medical equipment change management, acquisition, disposal, and inventory. Without a governance program, a healthcare facility may face negative consequences such as increased risk of equipment malfunction, compromised patient safety, inefficient resource allocation, data breaches, regulatory non-compliance, legal liabilities, and reputational damage.
Healthcare Medical Equipment - Operations
A governance program for operating and maintaining medical equipment in a healthcare facility is crucial to ensure the safe and efficient use of equipment, maintain compliance with regulations, and mitigate risks associated with equipment failure or misuse. Policies, procedures, and controls help ensure that the medical equipment is operated correctly, calibrated, and maintained, reducing the likelihood of malfunctions or adverse events that could harm patients or compromise the quality of care. Without a governance program, a facility may face negative consequences such as increased safety risks, equipment downtime, regulatory non-compliance, legal liabilities, and damage to the facility's reputation.
Healthcare Medical Equipment - Safety & Regulation
A governance program for safety and regulatory issues related to medical equipment in a healthcare facility is crucial for ensuring patient safety, compliance with regulations, and efficient operations. Establish a medical equipment safety program, identify safety hazards, develop emergency responses, and manage related regulations to ensure equipment is operated according to safety standards and regulations. Without a governance program, a healthcare facility may face serious negative consequences such as an increased risk of patient harm, equipment malfunctions or failures, regulatory non-compliance, legal liabilities, and disruptions in healthcare delivery.
Healthcare Medical Equipment - Data Privacy & Security
A governance program for data privacy on medical equipment in a healthcare facility is crucial to protect patient privacy, ensure compliance with regulations, and mitigate risks associated with unauthorized access or misuse of sensitive health information. Gain patient consent, understand privacy rights, and implement data security controls to safeguard patient data throughout the lifecycle of each piece of equipment, from collection to storage and disposal. Without a governance program, a facility may face severe consequences, including breaches of patient confidentiality, potential legal and regulatory violations, financial penalties, and damage to the facility's reputation.
Healthcare Emergency Preparedness - Program Management
An emergency event preparedness plan is crucial for a healthcare facility to ensure patients, staff, and visitors' safety and well-being during emergencies. Such a plan allows for a prompt and organized response to various events, including natural disasters, pandemics, epidemics, fires, accidents, or acts of violence. Without an effective plan, a healthcare facility may face significant negative consequences, including a lack of coordination and communication, delays in evacuating or providing care to patients, inadequate allocation of resources, compromised staff safety, and an increased risk of injuries or fatalities.
Healthcare Emergency Preparedness - Incident Response
Managing responses to emergency incidents is critical for healthcare facilities to ensure the safety and well-being of patients, staff, and the surrounding community. Effective management of emergency responses minimizes the impact of an incident and improves the chances of a successful outcome. By managing responses through an incident command structure, healthcare facilities can mitigate risks associated with natural disasters, infrastructure failure, technology failure, security incidents, fires, chemical or hazardous material spills, supply chain disruptions, medical emergencies, mass casualties, and others.
Healthcare Emergency Preparedness - Evacuations
An emergency evacuation plan is critical for a healthcare facility to ensure the safety and well-being of patients, staff, and visitors during emergencies, such as fires, natural disasters, security incidents, hazardous disasters, or medical emergencies. A well-rehearsed evacuation plan allows for the swift and organized relocation of individuals to safe areas, efficient communication, coordination with external agencies, and allocating necessary resources. With a proper evacuation plan, a healthcare facility may avoid chaotic evacuations, delays in response, confusion among staff and occupants, and an increased risk of injuries. An ineffective emergency evacuation plan may lead to compliance issues with regulatory requirements or jeopardize the facility's accreditation or licensure status.
Healthcare Stark Law and Anti-Kickback Controls
Physicians are legally and ethically prohibited from referring patients to receive designated health services from entities with which they have a financial relationship. The U.S. federal Stark Law, also known as the Physician Self-Referral Law, aims to prevent potential conflicts of interest that could influence medical decision-making and potentially lead to unnecessary services. Healthcare facilities must establish a governance program to comply with this and similar laws in order to avoid fraud, abuse, fines, and legal punishments.
Healthcare Third Party Data Privacy
Healthcare facilities must manage third-party vendors with access to sensitive patient information and healthcare data. A governance program serves as the cornerstone of patient privacy protection, regulatory compliance, and data security. It ensures that vendors adhere to the strict standards of a HIPAA business associate, contractual obligations, and legal requirements. Without a governance program, regulatory non-compliance becomes a looming threat, and data security risks can result in costly data breaches and the loss of critical patient data, which can have negative implications for patient care and safety.
Data Security for Self - Computer Configuration
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your computer is configured.
Data Security for Self - Computer Usage
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how you use your computer.
Data Security for Self - Home Network
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your home network is configured.
Data Security for Self - Mobile Device
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your mobile devices (smartphones) are configured.
Data Security for Self - Other Devices
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your many devices (other than a mobile device) are configured.
Data Security for Self - Public/Cloud Use
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how you use public/cloud applications.
Often your digital information is valuable financially or emotionally to family and friends. Be prepared for someone to manage your data in the event you become incapacitated or die.
Data Theft Protection
Someone stealing your information and subsequently your financial resources can be devastating. Do everything possible to prevent identity theft and fraud from happening.
Home Safety - Living Area Decor
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Scrutinize your interior decor, including appliances, furniture, floors, and carpets.
Home Safety - Safety Features
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Review your home detection devices, electrical configurations, and emergency preparedness plans.
Home Safety - Non-living Structures
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Analyze your garage, workshop, pool, spa, and other outdoor structures.
Home Safety - Outside Areas
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Evaluate potentially dangerous materials stored inside and outside your home and safety considerations in your yard.
Home Remodeling - General Requirements
General remodeling or doing major repairs is best done when you have considered and prepared for issues BEFORE the project starts. Key general remodeling issues include costs and budgets, rooms and key areas to cover, designing, permits and approvals, project scheduling, and tools and materials.
Home Remodeling - Do It Yourself
Remodeling or doing major repairs by Doing It Yourself (DIY) is best done when you have prepared for issues BEFORE the project starts. Key DIY issues include safety, tools, rentals, permits, equipment, videos, use of subcontractors, and planning.
Home Remodeling - Using a Contractor
Using a contractor for remodeling or doing major repairs at your home means selecting and managing the contractor and contract to limit the issues and ensure mutual satisfaction.