Governance, Risk Management and Compliance (GRC)

The latest news on Governance, Risk, and Compliance from Microsoft.

  • Feedback Requested: What is your biggest compliance headache?

    This is your opportunity to vent! What causes you the most heartburn around compliance? Is it the auditors? The documentation? The requests for evidence? Leave your biggest compliance headache in the comments. --Bill Canning
  • Paper Harmonizes COBIT, ITIL, and ISO 17799

    ITGI and the UK government's Office of Government Commerce (OGC) have released a paper that shows how ITIL and ISO 17799 can be mapped under the COBIT framework. This seems like a valuable thing to me, since one of the main complaints about COBIT ...
  • Regulatory Compliance is a Treasure Trove of Value

    Regulatory Compliance (RC) is a treasure trove of value. From better business intelligence to improved security, the benefits of RC abound. The key is to understand the payback and how to get it. It is a mistake to view costs of RC as greatly outweighing...
  • Don't Panic

    Addressing the requirements of regulatory compliance is like approaching any other risk. We will look at the risk and then we will develop a plan to mitigate the risk. Sounds simple, right? Good, because it really is, as long as we know what we need to do....
  • Regulatory Compliance and the IT Manager

    There are a lot of legislative bodies that are requiring IT to protect information for different reasons. It would appear that IT Professionals now need to add paralegal to their repertoire as we address some of the new challenges to defending the enterprise...
  • Reaching Out to Individual Contributors

    The most important but sometimes overlooked aspect of regulatory compliance is in getting the buy-in of the people who will be doing the work. Getting management buy-in is a pretty simple matter of discussing economics and the negative impact that non...
  • Auditing Rant!

    I am seeing a disturbing trend in the industry and I am going to complain. Over the past few months, I have seen requests for clarity for SOX compliance auditing from IT managers through their contacts at Microsoft. Questions are being posed by these...
  • A Sustainable Spreadsheet Compliance Framework with Excel 2007, Office 2007 and Office SharePoint Server 2007

    Spreadsheets are ubiquitous. For many organizations they are a critical resource and essential to business processes. With Office 2007 and Office SharePoint Server 2007 it will be much easier to maintain a sustainable spreadsheet compliance framework...
  • Regulatory Compliance Planning Guide Beta Coming

    Just a heads-up that Microsoft soon will be making available a beta version of a Regulatory Compliance Planning Guide that my team (Solutions for Security and Compliance) is developing. This guide will help readers understand the types of controls that...
  • The "F" Word

    The word is framework, of course. What did you think? It is important that we establish some way of defining the processes we are going to use and where they fit into the overall schema for our enterprise. I am not going to say that you should adopt...
  • Microsoft releases the Regulatory Compliance Planning Guide

    Yesterday, Microsoft released the Regulatory Compliance Planning Guide. This guide is available at http://go.microsoft.com/fwlink/?linkid=56114. The Planning Guide shows IT professionals how they can use an IT controls framework to help address...
  • Break Down Regulatory Compliance Into Manageable Steps

    Are your regulatory compliance (RC) policies being followed the way you expect them to be? Helping employees comply may be easier if your RC implementation is broken into manageable steps. JC Cannon provides some excellent advice for breaking down the...
  • Contributory Compliance Technologies

    A problem for regulatory compliance document and data management systems can be employee subversion, whereby employees try to find ways around the hurdles in the management system. They might create their own local copies of documents or spreadsheets...
  • Regulatory Compliance Learning Resources

    There's a new page on TechNet that lists regulatory compliance resources currently available from Microsoft. The URL is http://www.microsoft.com/technet/security/learning/compliance/all/default.mspx. Additional resources will be added to this page as...
  • Old News: COBIT 4.0 Released

    Toward the end of last year, the IT Governance Institute released the latest version of their Control Objectives for Information and related Technology framework (COBIT 4.0). They have simplified the framework a bit, as well as added a maturity model at the high-level control objective...
  • National Data Breach Notification Law Coming?

    There may be a new law to comply with: a federal data breach notification law (a la California SB-1386). See http://www.msnbc.msn.com/id/8318664/ for more information. --Bill
  • AMR predicts regulatory compliance spending

    AMR Research recently released their predictions for regulatory compliance spending. In short, they predict spending of $15.5 billion for 2005, and $80 billion over the next 5 years. See the article here.
  • Non-RC: Shared Use Toolkit Beta Released

    One of my co-workers has just released a beta version of a very cool toolkit for shared computers. You can find out more here. --Bill Canning
  • SOX spending will continue

    According to this article, two-thirds of CIOs say that SOX spending is a high priority, and of those, almost 50% say that spending on SOX will increase. --Bill Canning
  • Payment Card Industry Standards Updated

    Excerpted from SANS NewsBites (see www.sans.org to subscribe): --Credit Card Companies Update PCI (8 September 2006) The five major credit card companies, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International...
  • Regulatory Compliance Blogs again.

    Welcome Back! As a reader of this blog, I felt it was important to try and bring some life back to the site. So today we start to publish NEW content, about complex issues such as GRC! Over the next several months, this blog will explore where...
  • Health Vault = Compliance

    I don't know about you, but for me it's a challenge to keep up with the health information for myself and my family. If you haven't seen it yet you should check out HealthVault. The current version allows you to collect, store and share health information...
  • How to Use AccessChk.exe for Security Compliance Management secguide blog!

    In a partner secguide article we invited Michael Tan, one of our senior program managers, to introduce a new feature in the recently updated Sysinternals tool called AccessChk. The first part of a two-part article discusses how the new AccessChk feature...
  • Microsoft Regulatory Compliance Planning Guide Update

    One of our Solution Accelerator teams is looking for your help; please join us this Wednesday for a Live Meeting discussion. IT personnel often feel unprepared to meet management's need for IT compliance because of myriad definitions...
  • What is Zermatt?

    SOX doesn't matter as much as a "change of SOX." HIPAA does not matter as much as a change to HIPAA. Basel I does not matter so much as does Basel II. Current regulations don't matter as much as the next regulation does. We live in an endless torrent...