Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 2 - Risk Assessment
FCPA Compliance Report: Fraud Risk Management - Insights and Experiences with Peter Schablik
#Risk New York Speaker Series – Inside Behavioral Insights: Tom Hardin on Compliance at #RiskNYC
Compliance Tip of the Day: COSO Framework
#Risk New York Speaker Series: Exploring AI Risks in Compliance with Gwen Hassan
Healthcare Enterprise Risk Management
Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Compliance Tip of the Day: Superforecasting
Compliance Tip of the Day: The Last Mile
Key Takeaways From the OIG's New Compliance Guidance for Nursing Facilities — Assisted Living and the Law Podcast
Envisioning a Compliant Workforce
Updating the Research Compliance Handbook
On July 24, 2025, the California Privacy Protection Agency (“CPPA”) unanimously voted to adopt a package of Proposed Regulations for the California Consumer Privacy Act (“CCPA”), marking a significant development in...more
“You don’t rise to the level of your goals. You fall to the level of your systems.” — James Clear - Most security programs look good on paper. Policies exist. Controls are mapped. Frameworks are followed. Audits get...more
The 2025 Mitratech Third-Party Risk Management (TPRM) Study conveys a clear message: the third-party risk landscape is evolving into a complex, interconnected ecosystem — one where every vendor, supplier, and partner plays a...more
Enterprises don’t have a staffing problem. They have a systems problem. In a recent engagement, we were engaged to help improve a global SOC operation. Despite having over 30 analysts on staff, the team was missing...more
More vendors were supposed to mean more protection. The thinking was simple: pick the best in every category—endpoint, identity, SIEM, automation—and assemble a flexible, layered defense. But over time, that flexibility...more
On March 24, 2025, the Federal Risk and Authorization Management Program (“FedRAMP”) announced a major overhaul of the program, which is being called “FedRAMP 20x.” The FedRAMP 20x announcement stated there are no immediate...more
Tool sprawl is paralyzing enterprise security teams. Learn how to shift from fragile, over-engineered stacks to agile security architectures that accelerate progress....more
Even the strongest IT/DR plans can fail if they aren’t proactive about avoiding these common mistakes. When systems go down, business grinds to a halt. Downtime leads to $9,000 in losses per minute on average, damaged...more
Ready to ditch outdated guidelines and adopt a fresh take on your IT Disaster Recovery plans? Spring is the season of renewal, making it the perfect time to refresh not only physical spaces but also strategies and...more
Learn how automating third-party risk management (TPRM) can enhance efficiency, security, and compliance and help businesses proactively address vendor risks....more
The evolution of artificial intelligence (AI) has introduced systems capable of making autonomous decisions, known as agentic AI. While generative AI essentially “creates” – providing content such as text, images, etc. –...more
On November 22, 2024, the California Privacy Protection Agency (CPPA) formally proposed new regulations implementing the California Consumer Privacy Act (CCPA). Although the CCPA itself and previous CCPA regulations largely...more
On Nov. 8, the California Privacy Protection Agency (CPPA) Board voted to advance several significant privacy regulations, including new provisions under the CCPA affecting data brokers, as well as the initiation of the...more
On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure”...more
The California Privacy Protection Agency (CPPA) Board has initiated a formal rulemaking process on a new regulatory package, moving forward with proposals for automated decision-making technology (ADMT) rules, cybersecurity...more
Artificial intelligence (AI) technology is advancing at an unprecedented rate, increasing in complexity while driving significant innovation across sectors. In response to the rapid development of AI, myriad compliance...more
Last week I had the pleasure of sitting down and discussing the legal implications of AI with a group of General Counsels. This group of GCs represented companies from the Fortune 100 all the way to mid-size enterprises. That...more
Cyberattacks powered by artificial intelligence have become more sophisticated as bad actors utilize machine learning to analyze vulnerabilities, automate exploits, and outpace traditional security measures. Through the use...more
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
The Cybersecurity and Infrastructure Security Agency (CISA) has released a revised draft of its Secure Software Development Attestation Common Form ("Form"). The Form, once finalized, will obligate vendors providing software...more
Editor’s Note: This article covers valuable insights on artificial intelligence’s (AI) evolving role in cybersecurity and incident response shared during an expert panel discussion. As cybersecurity, information governance,...more
On September 8, 2023, the California Privacy Protection Agency (CPPA) will discuss the two new sets of proposed California Privacy Protection Act (CCPA) regulations. Here is a breakdown of the two new proposed regulations and...more
On July 14, the California Privacy Protection Agency (CPPA or the “Board”) hosted a meeting to discuss key issues. Notably, the Board’s New CPRA Rules Subcommittee (“the Subcommittee”) previewed three areas of forthcoming...more
Emerging developments in AI, Machine Learning, Natural Language Processing, Automation, and More – Where Does it All Fit Inside the World of GRC? AI-driven technology has been making headlines for breakthroughs as well as...more
Following a California Chamber of Commerce lawsuit, a Superior Court of California judge has delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. The suit argued that California...more