Data Security for Business - Servers
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Server security is a fundamental requirement for protecting data.
Data Security for Business - Employees
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Employee security is a fundamental requirement for protecting data.
Data Security for Business - Transmission
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Data transmission security is a fundamental requirement for protecting data.
Data Security for Business - Website & Cloud
Businesses handle and store intellectual property and personal information. Often there are multiple entry and exit points where this data can be accessed by unscrupulous people. And with more costly data laws being introduced by governments, securing data has become an absolute requirement for a company's longevity. Website and cloud application security is a fundamental requirement for protecting data.
Insider Threat Mitigation Program
Company employees, contractors, and other insiders pose a significant threat to your data security. If not managed properly, the risk of an intentional or unintentional data breach increases significantly. An insider threat mitigation program ensures the continuous evaluation of operations, employee involvement, and safekeeping of your critical data.
Intellectual Property Use and Protection
Intellectual Property (IP) is highly valuable, and is often considered the crown jewel of a company. It's what separates you from competitors. Others may attempt to steal, copy, or destroy your intellectual capital. Protecting these logical assets usually requires a multi-pronged proactive strategy. IP governance provides a structured approach to identify, develop, protect, defend, exploit, and manage the asset.
Patch Management
Patch management is one of the most important methods for reducing the chance of a cyber crime against your business. However, patch management is often a complicated process because of the variety of software used in a company and the effect on a business if a patch rollout fails or is not performed. Reduce the risk of not applying patches by following a structured approach to patch management.
Industrial Control Systems Security
Equipment used in manufacturing processes has special controls and system requirements. Physical danger to employees and even surrounding areas is possible if access to these Industrial Control Systems (ICS) is breached. Because of unique requirements, ICS is segregated from a company's IT network and systems. Adherence to these controls will reduce the risk of exposure to criminal elements.
Cybersecurity - Training
Employees and contractors are an asset to maintaining security around your systems. But they can also be a huge liability if uneducated on cybersecurity. A cybersecurity training program ensures everyone in your business stays current and aware of the cyber pitfalls.
IoT Device Usage Controls
Internet of Things (IoT) devices are found in nearly every aspect of business and life. Historically, security on IoT devices has been lacking, either through design or lack of security updates. Cyber criminals are increasing their attacks against such vulnerabilities. IoT usage controls can greatly shrink the security gaps.
IoT Device Development Controls
Internet of Things (IoT) devices can be physically or virtually connected to computers or other systems. And when a device contains sensitive customer or business information, it becomes a big target for the criminal element. Proper IoT development controls will reduce the security risk to customers using your devices.
BYOD Controls
Bring Your Own Device (BYOD) is prevalent in the workplace, especially when using contractors and freelancers. When you allow employees to use their personal devices, such as laptops, smartphones, and tablets, to access your system or data, whatever is on that device can infect your system. Managing BYOD reduces the cybersecurity risk.
Data Security Policies and Procedures
Data security policies are a starting point for identifying the security issues most important to a business, in addition to providing employees and contractors a guide for how to properly act while on your systems or using the information. Key vulnerabilities include internet usage on a company network, password requirements, email usage, social media postings, and USB usage.
P2P File Sharing Controls
Employees, contractors, vendors, partners, or anyone else sharing and transmitting your valuable data is a potential point for data corruption or loss. Peer-to-peer (P2P) file sharing is a method to easily swap data between different parties. P2P controls reduce the risk of systems being infected at critical interfaces in the process.
Data Usage - Presentation
Companies gather data from many sources, but it often languishes in computers until it becomes obsolete. Using this data can provide new insights into your business, and sometimes be another source of revenue. A business must focus on using existing data, and supplement it with external data if helpful. Focus on presenting the information and KPIs using dashboards and other visualization tools.
Data Usage - Capture & Analysis
Companies gather data from many sources, but it often languishes in computers until it becomes obsolete. Using this data can provide new insights into your business, and sometimes be another source of revenue. A business must focus on using existing data, and supplement it with external data if helpful. Develop the discipline to capture and analyze the information generated by your business.
Data Management for Business
Companies rely on data for decision making and managing operations. But when this data is not properly obtained, scrubbed and cleansed, and retained, it is costly. Unhappy customers and vendors, poor decisions, and non-compliance are just a few results. Properly managing your data from the beginning to the end will ensure confidence when using your information.
Data Laws and Regulations by Location
There are multiple laws and regulations related to the security and management of customer data. Regions, countries, and states throughout the world have different requirements. A company is responsible for meeting the specific requirements of each location they operate in.
Data Regulation EU GDPR
The primary goal of GDPR is to give control of personal data back to citizens and residents of the EU. This is reflected by requirements that subjects give consent before data is processed, that collected data is anonymized (identifiable information removed) and safely handled when transferred, and that breaches are handled with the utmost urgency and care. The regulation also applies strict rules to the export of personal data to entities outside of the EU and requires certain types of companies to appoint data protection officers for overseeing GDPR compliance within their organizations.
Data Regulation US CA Shine the Light
California Civil Code 1798.83 to .84 requires all nonfinancial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation. Under the California law, businesses may post a privacy statement that gives customers the opportunity to choose not to share information at no cost.
Data Regulation PCI DSS
PCI DSS compliance is essential for any company handling credit card information. It entails maintaining a secure data network, regularly monitoring networks, and implementing security controls, among other rules. Most small-to-medium sized businesses fall into Level 4 (<20,000 transactions per year) and are required to submit the relevant Self-Assessment Questionnaire (SAQ) report.
Data Regulation US HIPAA
Sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance. Regulations focus on the handling of medical information, including privacy and security. The regulation requires that any company handling healthcare data, from hospitals to insurance companies, must comply with HIPAA security standards when transmitting and storing electronic protected health information (ePHI).
Data Regulation US HBNR
The Federal Trade Commission (FTC), the nation’s consumer protection agency, has issued the Health Breach Notification Rule to require certain businesses not covered by HIPAA to notify their customers and others if there’s a breach of unsecured, individually identifiable electronic health information. This FTC rule does not apply if you are a HIPAA covered entity or to the extent you are acting as a HIPAA business associate.
Data Regulation US Red Flags Rule
Identity Theft Red Flags Rule requires financial institutions to implement a program to detect, prevent, and mitigate identity theft.
Data Regulation US SOX 404
The goal of SOX 404 is to implement accounting and disclosure requirements that increase transparency in corporate governance and financial reporting. Focus is on a company's formal system of internal checks and balances. Information technology (IT) controls are specific activities performed by persons or systems to ensure that business objectives are met. IT control objectives relate to the confidentiality, integrity, and availability of data.
Data Regulation US CCPA
The new California data privacy act SB1386 or AB-375 was effective Jan 1, 2020. The CCPA focuses exclusively on data collection and privacy. Citizens have the right to bring a civil action against companies that violate the law.
Data Regulation CAN CASL
The Canadian law sets clear requirements for all commercial emails. The Canadian Radio-television and Telecommunications Commission (CRTC) works hand in hand with its international counterparts—including agencies in the U.S., U.K., and Australia—to investigate and enforce violations of CASL by international senders.
Data Regulation US Privacy Shield
The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law. To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the Privacy Shield Principles. Requirements of the EU-U.S. and Swiss-U.S. Privacy Shield are the same.
Data Regulation US COPPA
Children's Online Privacy Protection Act requires websites that collect information on children under the age of 13 to comply with the Federal Trade Commission (FTC). The FTC determines whether a website is geared towards children by reviewing its language, content, advertising, graphics, features, and intended audience. The law also affects general interest sites looking to collect information from children, whether the site’s operators mean to do so or not. A company must have certain information in their privacy policy and get parental consent before collecting some types of information from children.
Data Regulation US GLBA
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Data Regulation US Disposal Rule
Any large or small business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Disposal Rule requires disposal practices that are reasonable and appropriate.
Data Regulation US CAN-SPAM
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”
Data Regulation US OH Data Protection Act
Provides organizations with a legal incentive to achieve a “higher level of cybersecurity” by maintaining a cybersecurity program that substantially complies with any one of the approved industry-recommended frameworks. Companies in compliance with any of the frameworks are entitled to a “legal safe harbor” as a defense against legal claims related to a data breach stemming from alleged failures to adopt reasonable cybersecurity measures.
Data Regulation US CT Gen Statute 42-471
Conn. Gen. Stat. § 42-471 requires any company who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be "publicly displayed" by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.
Data Regulation US DE Code 6-205C
Del. Code Tit. 6 § 205C affects an operator of a commercial internet website, online or cloud computing service, online application, or mobile application that collects personally identifiable information through the Internet about individual users residing in Delaware. A company must make its privacy policy conspicuously available on its internet website, online or cloud computing service, online application, or mobile application.
Data Regulation US NV NRS 603A
Nevada Revised Statutes, Chapter 603A, focuses on the security of personal information.
Data Regulation US UT Code 13-37-201
Utah law 13-37-201 to -203, although not specifically targeted to online businesses, requires all non-financial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation.
Risk Assessment and Management
Taking risks is part of doing business. Addressing up front the risks that most affect a particular company and industry helps reduce the negative impact if they occur. Results from not addressing risks range from inconvenient to devastating. But managing risks can soften the financial blow and enable long-term success.
Change Control Governance
Physical and digital changes are constantly made in business operations. But connected to each change is often a chain of other actions to consider, both before and after the change. Changes to processes, products, or services have serious ramifications for your success and reputation if done incorrectly. Change control is meant to reduce the chances of a key item being missed or not communicated.
Machinery Controls - Program Management
Proper maintenance on your business machinery and equipment is critical for maximizing its value, whether the equipment is used for manufacturing widgets, doing calibrations, or producing lab results. But machinery maintenance must be consistent and continuous. Establish and manage a program to effectively maintain business machinery and equipment, including documentation, ownership and responsibility, policy and procedures, and training.
Machinery Controls - Maintenance
Proper maintenance on your business machinery and equipment is critical for maximizing its value, whether the equipment is used for manufacturing widgets, doing calibrations, or producing lab results. Great maintenance is preventive and not reactive. Follow a structured method to ensure effective maintenance controls, including inspections, preventive maintenance, operating procedures, safety, and systems access.
Mobile Equipment Management Program
Managing a mobile equipment program covers several areas, primarily focusing on the safety of employees and machinery and ensuring reliable and available equipment. Structured mobile equipment guidelines focus on preventive maintenance, repairs and services, operating equipment, pedestrian safety program, policies and procedures, operator training, spare parts management, accounting for equipment, and meeting laws and regulations.
Project Management - Pre-project Work
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting the competing needs. Considering all the key elements when initiating a project provides the only realistic chance of delivering successful projects. During project initiation, define business expectations by addressing benefits, stakeholders, and a project charter. This is the first of four project management governance topics.
Project Management - Planning
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting all the competing needs. There are many issues to consider when planning for a project, including detailed requirements, cost, schedule, communications and engaging stakeholders, quality, resources, risk, and procurement. Project planning entails how you plan to complete the project, based on the resources and environment within your company. This is the second of four project management governance topics.
Project Management - Execution
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting all the competing needs. There are many issues to consider when undertaking or executing a project, including managing change control, communications, cost control, schedule control, scope control, resources, quality, risk, procurement, closing, and transition to operations. Project execution involves managing, directing, monitoring, and controlling the project details, starting with the project plan and adjusting it to meet the inevitable issues that arise. This is the third of four project management governance topics.
Project Management - Oversight
Properly managing projects is vital for controlling costs, delivering what is expected to the customer, and meeting competing needs. There are many issues to consider when overseeing project work, including project selection, programs, portfolio, policies and processes, standards and guidelines, project documentation, and organizational structure. This applies whether you have a formal project management office (PMO) or a small management team to oversee projects. This is the fourth of four project management governance topics.
Cybersecurity - Incident Response Plan
Cybersecurity events can be small and occur over an extended period or be large and immediately impact your business viability. An incident response (IR) plan focuses on how to identify, respond, and recover from such events. Events hit businesses without warning, and a thoughtful plan provides guidance in chaotic moments.
Disaster Recovery Plan
Like life insurance, a disaster recovery plan (DRP) is something you hope never to use, but it definitely helps if something disastrous happens. A DRP addresses the possible risks to all your key systems, without which your business would have difficulty functioning. Whether a disaster is caused by employees, criminal elements, or nature, preparedness is critical to returning your business to full functionality.
Data Breach Notification
Companies that manage or possess customer or employee personal information are responsible for reporting theft or disclosure of that data. Each state and country has its own requirements for reporting a security breach of personal data. A data breach plan is designed to address the technical and administrative requirements before a data breach occurs so that the focus can stay on breach remediation.
User Access Management
User access controls, or the lack of them, are a leading reason cyber criminals can access business data. System and application access controls focus on keeping your user access list current and clean. This requires a focus on terminations, special privileges (admin rights), contractors, and regular reviews.
Privileged Access Management
Unwanted access into systems to abuse or steal valuable company data is usually accomplished using privileged accounts. Privileged accounts provide almost unlimited access to critical business systems and information. Actively managing privileged system access (PAM) is undoubtedly a key component of stopping cyber theft, ransomware, and other system attacks.
Separation of Duties (SOD)
Separation of Duties (SOD), also known as Segregation of Duties, is a key component of many regulations and a focal point for various types of audits. Implementing SOD helps improve compliance and security, reducing the risk of fraud by eliminating conflicts of interest. Know how to identify where one person has excess control over a critical process.
Cybersecurity - Planning
Securing your systems and applications from criminal cyber elements requires a structure that ensures key areas are consistently addressed. A cybersecurity plan focuses on risks, policies and procedures, training, and strategy planning.
Application Development Controls
Security holes in applications are sought by cyber criminal elements. Whether internal or external applications, security controls are needed to safeguard valuable information. Consistently adhering to basic application development controls reduces the possible vulnerabilities in your systems.
Policy Development
A policy is a documented management statement that identifies an important company issue and states why it needs to be done. Clear and concise policies provide all stakeholders with a good understanding of how your business wants to operate. Policy Development defines the guidelines for creating these solid policies. The lack of a comprehensive policy can sway a legal opinion and ruling. So it's critical to get the policy right from the beginning.
Policy Management
A successful policy clearly states the requirements for everyone operating within a business. Policy management defines how to maintain existing policies as circumstances change. A policy that does not match what is actually happening in your company is confusing to internal and external stakeholders. In some cases, inaccurate policies may have serious legal ramifications.
Enterprise IT Governance
Regardless of company size and products provided, information technology (IT) is the backbone that keeps it running. But often an IT function is not aligned with company goals. This results in mistrust, frustration, wasted money, and failed projects. IT enterprise governance focuses on aligning and blending IT requirements to keep the lights on and simultaneously work with the business to grow its value.
Worker Health and Safety
One of the most important actions and demonstrations of concern a company can make is to ensure every worker returns home in the same condition as when they left. The well-being of workers and the monetary loss from non-compliance demand focused attention on health and safety (H&S). Developing and maintaining a culture of safety in the workplace absolutely necessitates a structured approach that ensures H&S requirements are understood and lived by all workers.
Audit Preparation
Every company has areas critical to their success. Any function which keeps the business successful, for example data, processes, or security management, should receive the highest level of scrutiny. To satisfy both internal and external demands, these success factors should be periodically audited and reviewed. This means implementing a simple but effective audit program.
Software License Management
Every company has software to support operations or systems. A software license is the legal right to use this software according to the vendor's terms and conditions. Not adhering to a license agreement has compliance and monetary ramifications. A software license management or governance plan greatly reduces the chance of an expensive compliance issue and helps save money by purchasing and using only licenses that are necessary.
Internal Investigations
Internal investigations may be required for many reasons, including expected fraud, safety violations, non-compliance with internal policies, cyber crime, environmental complaints, vendor misrepresentation, harassment, and employee privacy violations. An internal investigation protocol provides a structured approach that ensures any evaluation of what may have gone wrong is carried out properly. Internal investigations are often associated with a serious legal issue. Knowing how to adequately prepare for, execute, follow up, and close an investigation has a huge impact on legal liabilities.
Compliance and Governance Management
Compliance and governance officers, managers, and regulatory program managers coordinate across a company to ensure process controls align with policies and procedures, which help to ensure your company meets internal and external laws, regulations, and licensing requirements. But long-term success for your compliance function means an ongoing assessment of its personnel and activities.
Comprehensive GRC Program
Failure to meet legal, regulatory, or other compliance requirements can be damaging to a company. Compliance touches upon most, if not all, aspects of a business. Therefore it takes a thoughtful and coordinated effort to ensure everyone understands and adheres to compliance demands. Maintain a structured governance, risk, and compliance (GRC) program that provides effective oversight and helps meet your regulatory needs.
Compliance Effectiveness - Program Design
The U.S. Department of Justice Criminal Division considers certain factors when determining if a company has an adequate and effective corporate compliance program against misconduct. This becomes critical if your company finds itself being investigated for improper behavior. Even if you never expect to be in that position, utilize this structure to ensure the company's compliance program is well-designed.
Compliance Effectiveness - Program Management
The U.S. Department of Justice Criminal Division considers certain factors when determining if a company has an adequate and effective corporate compliance program against misconduct. This becomes critical if your company finds itself being investigated for improper behavior. But even if you never expect to be in that position, utilize this structure to ensure the company's compliance program is adequately resourced and empowered to function effectively.
Compliance Effectiveness - Program in Practice
The U.S. Department of Justice Criminal Division considers certain factors when determining if a company has an adequate and effective corporate compliance program against misconduct. This becomes critical if your company finds itself being investigated for improper behavior. But even if you never expect to be in that position, utilize this structure to ensure the company's compliance program is working in practice.
Vendor Management - Relationships
Materials, products, services and other items consumed by your business ultimately reflect in your product or service. A vendor relationship starts before the contract is signed and continues throughout the life of the partnership. Nurture the often-neglected relationship with strategic vendors using open communication and mutually beneficial problem solving.
Vendor Management - Performance
Materials, products, services and other items consumed by your business ultimately reflect in your product or service. The performance of strategic and critical vendors and suppliers must be measured and analyzed. Focus on tracking issues, establishing key performance metrics, managing contract compliance, and securing shared data.
Vendor Management - Selection Process
Materials, products, services and other items consumed by your business ultimately reflect in your product or service. What comes into your company directly affects what your immediate stakeholders and customers see. Select the best vendor for your business needs by ensuring that business operations are involved in the evaluation, that company requirements are clearly defined, that the vendor demonstrates continuous improvement, and that performance criteria are specified up front.
Vendor Management - Program
Develop a vendor management program that accounts for managing vendor risks, ensures vendor contracts are tightly controlled, communicates and tracks changes to products and processes, and develops appropriate vendor policies and a code of vendor conduct to address key concerns.
Inventory Management - Optimal Levels
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. But an accurate inventory valuation and optimal inventory levels enhance sales and operations.
Inventory Management - Physical Counts
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. Performing accurate physical inventory counts helps confirm that your overall inventory management program is working.
Inventory Management - Reports & Systems
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. Quality inventory metrics and reports ensure the company is focused on the critical inventory management requirements. An inventory system must provide timely, accurate, and secured information.
Inventory Management - Program
The end result of inventory management is to have the right product at the right amount at the right place at the right time. Inventory problems can have a huge negative effect on your business, especially cash flow. That is why inventory planning and forecasting must involve all levels of management and nearly all departments. Inventory policies and procedures help ensure a consistent and sustainable approach to inventory planning and operations.
Warehouse Management
Strategic warehouse planning, efficient processes, performance measurements, worker health and safety, and plant layout all contribute to effective supply chain fulfillment. Implementing process controls and an optimal floor layout in a warehouse operation are critical to ensuring a customer's order is filled and delivered as promised. In addition, it is absolutely necessary to provide workers a safe environment. Having a sound warehouse management governance program in place will enable you to effectively and efficiently meet order requirements.
Reverse Logistics
An inevitable but essential aspect of selling a product online is having your product returned. Customers often make a purchase based on a company's return policy. It is critical for customer retention and reducing costs to have an active reverse logistics program. There are many aspects of reverse logistics, including clearly articulating the return policy, simplifying the customer requirements, getting back the product, determining what to do with the returned product, and closing the return cycle. Follow a structured approach to product returns governance.
Conflict Materials
There are strict laws regarding certain minerals often mined from areas of conflict. Critical processes and requirements must be adhered to if you are a downstream company that utilizes these minerals in your products. Based primarily on the Organisation for Economic Co-operation and Development (OECD) Due Diligence Guidance, follow a structured method to ensure you know your supply chain and can be assured that your company has taken reasonable steps to utilize only legitimately obtained conflict minerals.
Environmental Sustainability - Program
Many countries are tightening requirements for adding waste to landfills, cleaning the air and water, and in general improving the environment. At the same time, more consumers are wanting to buy more environmentally friendly products. An environmental sustainability program ensures you follow a structured approach for assessing, reporting, and continuously improving.
Environmental Sustainability - Operations
Many countries are tightening requirements for adding waste to landfills, cleaning the air and water, and in general improving the environment. At the same time, more consumers are wanting to buy more environmentally friendly products. Environmental sustainability must continuously focus on improving your operations.
Environmental Sustainability - Product
Many countries are tightening requirements for adding waste to landfills, cleaning the air and water, and in general improving the environment. At the same time, more consumers are wanting to buy more environmentally friendly products. Environmental sustainability must focus on continuously improving your products and product packaging.
Business Ethics Practices
Practical steps are necessary to ensure ethical people are hired and employees know how to make sound ethical decisions on a day-to-day basis. Employees, including managers, need to be educated, trained, and engaged. A company must seek to improve the community around it. Creating an ethical organization requires effort to establish and maintain.
Business Ethics Management
Good ethical behavior leads to trusting employees, customers, partners, and vendors, which leads to better company performance. Poor ethics leads to negative feelings about the company, lost opportunities, and even criminal charges. Organizational integrity is created through an ethics program that emphasizes a code of ethics, leadership, self-assessment, confidential reporting, and continuous training.
Community Outreach
Every community in which a company operates or employees live has needs. The right thing to do in any society is to provide help and give something back. Develop a community outreach program that will ensure that your company stays focused on being a good corporate citizen.
Artificial Intelligence Governance
Artificial Intelligence (AI) is integrating into nearly everything we interact with, and the pace of development is accelerating. But AI brings with it certain unique concerns around privacy, built-in human bias, ethical and cultural bias, and unintended consequences. The developing and evolving focus on AI governance will help you address these concerns and provide guidance in an area affecting both small and large businesses in nearly all industries.
Robotic Process Automation
Automating processes to manage high volumes of transactions using virtual robotic systems requires adjusting how employees interact with these non-human entities. Robotic process automation (RPA) is not just another system or database tool. There are implications to your workforce, systems, processes, procedures, security, risk, access, and change control. Understand how to properly manage the technical and process changes that a robotic ('bot') system brings to a company.
Bug Bounty
A growing number of companies that develop software or simply expose their software externally implement a bug bounty program. A bug bounty program provides an additional method to strengthen your cybersecurity position using knowledgeable third parties. Making the vulnerability disclosure program useful and sustainable requires steps which, if consistently performed, provide a great way to proactively reduce application and system security risks.
Outsourcing Labor
Focus should be on what differentiates your business from others. Your strength is where a difference is made, not in performing non-core work that many others can accomplish. Whether someone else does the task, job, service, or operation locally, on premise, offshore, or nearshore, proper controls will help ensure a successful outsourcing relationship.
First 100 Days for Leaders
Many leaders/managers are promoted or hired into a new role and expected to establish themselves immediately. This is rarely realistic. But when a company follows a structured approach during the first 100 days and provides guidance for each person moving into a leadership position, stress is reduced and productivity leaps. Most important, the chances of retaining a new leader are greatly increased.
Workplace Democracy
The task of attracting and keeping talented employees is becoming more difficult as it becomes easier to move between companies. Workers are looking for something more meaningful. Focusing on employee participation, or participative management, provides strong motivation to employees. By giving employees more input into decision making, a company becomes more attractive, and an employee sees more opportunities for personal and professional growth. The openness of workplace democracy builds trust and dedication, leading to increased performance.
Organizational Change Management
Change is a given and a requirement for long-term success for any business. Therefore, you must constantly be prepared to change your organization and, even more important, ensure that the organization is always accepting of and willing to change. Develop a governance program to enable unceasing organizational change management. Implement key change processes that keep your organization focused on looking forward to new opportunities and continuous improvement.
Mental Health in the Workplace
Workplace mental health and well-being is a critical priority, impacting the health of individual workers and their families, organizational productivity, and the bottom line for businesses. The U.S. Surgeon General's office offers a framework that all companies and industries can follow. Explore ways to better enable all workers to thrive within the workplace and beyond.
Application TCO
Systems and software applications are often purchased and implemented without knowing the life cycle costs. Replacing or keeping an existing business application only makes financial sense if you know the true costs and risks to support and maintain an application. The true total cost of ownership (TCO) via technology business management (TBM) will guide your decision making and strategic planning.
Prepare a Business to be Sold
There are many reasons an owner may want to sell a company, such as retirement, illness, moving on to something else, financial difficulties, divorce, or a hot market. To maximize a company's value, an owner should start preparing a business for sale at least two years before approaching potential buyers. Be prepared to provide buyers with what they want to see before they ever ask. You can attract more buyers by demonstrating how well run your company is and why it would be a good investment.
Treasury Controls
A treasury function manages some of the most critical assets of a company. The data is highly sensitive and valuable. It is also heavily scrutinized both internally and by many external entities. Therefore, internal controls around the treasury function must be well defined and followed. Ensure your financial instruments are properly managed, optimized, meeting agreements, tracked and recorded, and secured.
Financial Crime - Anti-bribery
Your organization is responsible for ensuring that a person within it, or a company performing services for it, does not commit bribery on your behalf. Companies that do not implement adequate anti-bribery controls can be held liable for failing to prevent a person from bribing to benefit the organization. But adhering to a structured anti-bribery program provides a defense against prosecution and can mitigate the financial impact if someone is caught breaking the law.
Financial Crime - Sanctions
Sanctions are government restrictions on the import or export of certain goods and services, often to or from a specific individual, company, or country, to advance foreign policy objectives. Conducting business with a sanctioned entity creates severe legal and financial liabilities. Avoid penalties by developing a sanctions governance program to help manage economic sanctions and trade embargoes.
Getting Started in Governance
New to governance, compliance, and process controls? Looking for a more structured method to manage your business operations? Let us help you build a roadmap. This topic will quickly determine where to begin based on your particular needs. Once you have the basics, expand to other topics that will benefit your business.
Data Security for Self - Computer Configuration
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your computer is configured.
Data Security for Self - Computer Usage
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how you use your computer.
Data Security for Self - Home Network
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your home network is configured.
Data Security for Self - Mobile Device
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your mobile devices (smartphones) are configured.
Data Security for Self - Other Devices
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how your many devices (other than a mobile device) are configured.
Data Security for Self - Public/Cloud Use
Private and confidential data abounds in multiple devices used by individuals and families. Unfortunately, there are many bad elements around the world and in your neighborhood that want to get hold of it. Fortunately, there are some basic steps that can greatly reduce the risk of information being stolen or misused because of how you use public/cloud applications.
Data Inheritance
Often your digital information is valuable financially or emotionally to family and friends. Be prepared for someone to manage your data in the event you become incapacitated or die.
Data Theft Protection
Someone stealing your information and subsequently your financial resources can be devastating. Do everything possible to prevent identity theft and fraud from happening.
Home Safety - Living Area Decor
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Scrutinize your interior decor, including appliances, furniture, floors, and carpets.
Home Safety - Safety Features
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Review your home detection devices, electrical configurations, and emergency preparedness plans.
Home Safety - Non-living Structures
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Analyze your garage, workshop, pool, spa, and other outdoor structures.
Home Safety - Outside Areas
We often don't see the unsafe areas inside and outside the home because we get so used to it being that way. There are many ways to improve the home environment safety and security, most at little or no cost. For those with elderly persons or children living at home, safety is especially important. Evaluate potentially dangerous materials stored inside and outside your home and safety considerations in your yard.
Home Remodeling - General Requirements
General remodeling or doing major repairs is best done when you have considered and prepared for issues BEFORE the project starts. Key general remodeling issues include costs and budgets, rooms and key areas to cover, designing, permits and approvals, project scheduling, and tools and materials.
Home Remodeling - Do It Yourself
Remodeling or doing major repairs by Doing It Yourself (DIY) is best done when you have prepared for issues BEFORE the project starts. Key DIY issues include safety, tools, rentals, permits, equipment, videos, use of subcontractors, and planning.
Home Remodeling - Using a Contractor
Using a contractor for remodeling or doing major repairs at your home means selecting and managing the contractor and contract to limit the issues and ensure mutual satisfaction.