by Bryan Johnson | May 25, 2023 | Chief Compliance Officers, CMMC, GRC, GRC Implementation
Complying with the CMMC / NIST 800-171 framework can be likened to a heavy chain, where each link represents a specific task or requirement. The unmanageable amount of tasks required for full compliance burdens this chain, making it increasingly difficult to pull....
by Bryan Johnson | Jun 28, 2019 | Chief Compliance Officers
Two Lessons from the 2019 Rocky Mountain Information Security Conference (RMISC)
Each year I embark on a journey with what seems like every other security professional in the Denver area, to the only security conference that seems worthwhile to attend: The Rocky...
by Bryan Johnson | Apr 12, 2019 | Risk Management, SOC Reports
Evaluating Cloud Providers
I have a friend who recently started a new business venture. He’s been involved in several other ventures before; therefore, he’s familiar with the common business processes that are performed when running a business – accounting, scheduling,...
by Bryan Johnson | Feb 13, 2019 | GRC Implementation, RSA Archer
Agile GRC Development Process
As we have blogged about in the past, when we start an Archer engagement with a new client we usually perform a Roadmap exercise that walks them through identifying their current GRC processes and rated on the basis of complexity,...
by Bryan Johnson | Oct 12, 2018 | Chief Compliance Officers
Continuing the discussion on GRC implementations, it would be worth exploring the discovery phase of the project that’s critical to defining the scope of the GRC program. Without understanding where your risk and compliance activities are happening there is a risk...