What are information security standards? 

An information security standard is a documented set of processes that defines how to implement, manage and monitor security controls. As well as providing a blueprint for mitigating risk and reducing vulnerabilities, cybersecurity standards and frameworks typically set out the steps needed to achieve regulatory compliance. Let's look at information security standards, why they matter, and the consequences of failing …

How does the Digital Operational Resilience Act (DORA) affect you?  

The ever-increasing risk of cyberattack has prompted the EU to adopt legislation to improve the cybersecurity and operational resilience of the financial services sector: the Digital Operational Resilience Act (DORA). DORA was adopted to ensure that the European financial sector is able to remain …

How to choose a cybersecurity framework that works for you

A cybersecurity framework gives security teams a set of standards and a common language, across borders and industries, for understanding security postures. A framework also helps define the procedures and processes your organisation must follow to monitor, assess and mitigate cybersecurity risk. Let's take a closer look at the most common cybersecurity frameworks. …

GDPR compliance checklist for 2022

The benchmark for ensuring that your business complies with privacy and security law is the General Data Protection Regulation (GDPR). However, very few organisations are fully compliant, which could leave them wide open. Non-compliant organisations face fines of up to €20 million (£17.5 million under the UK GDPR) or 4% of annual global turnover, whichever is greater. With that shocking …

What is SOC 2? 

Why SOC 2 compliance is important for protecting sensitive data and building customer trust. SOC 2 (System and Organization Controls 2) is a reporting framework, published by the AICPA, for assessing and testing controls against the Trust Services Criteria (TSC), of which security is the mandatory criterion. It is essentially a set of requirements outlining what companies should adhere to when using cloud-based …

Why use compliance monitoring as a part of your cybersecurity program? 

Compliance monitoring is a key part of any cybersecurity program: a continuous process for ensuring that staff follow the policies and procedures put in place to protect company assets, and for spotting potential issues in any part of an organisation's operations. However, it is becoming extremely difficult for companies around the world to meet their regulatory …

Breaking down new SEC rules on cybersecurity risk management

What are the new SEC rules on cybersecurity risk management disclosure? The Securities and Exchange Commission (SEC) has introduced rules to enhance and standardise public companies' disclosures about cybersecurity risk management, strategy, governance and incident reporting. Under the SEC's proposal, amendments to existing rules would require, among other things, current reporting of material …

How has supplier due diligence responded to modern supply chain threats?

With the European Union forecasting a four-fold increase in software supply chain attacks in 2021 compared with 2020, vendor security has become an enormously important priority for almost every business. On the heels of incidents like the SolarWinds breach and the Codecov attack, we need to re-examine our processes; all …

Trends shaping the traditional compliance risk assessment in 2021

In today's tumultuous global landscape and complex regulatory environment, compliance is the one reliable way organisations can make sure the wheels don't fly off. What we have seen, though, is that the general approach to compliance risk assessment fails to create a more proactive spirit across operations. With the disruptions caused by the pandemic, the insidious nature of modern cyberattacks, …