Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
Feature
13 Apr 2026
CIOs face new threat: Relationship-based vendor coercion
Vendor coercion in IT ties business deals to tech adoption, bypassing governance. Discover its risks, especially with AI, and how CIOs can safeguard decisions. Continue Reading
-
Feature
10 Apr 2026
Digital transformation: Balancing speed and governance
The success of digital transformation hinges on balancing rapid innovation with strong governance to avoid risks like fragmentation, technical debt and operational instability. Continue Reading
-
News
24 Mar 2022
SEC's proposed climate rule a game-changer for sustainability
Experts are praising the SEC's newly proposed climate risk disclosure rule, which would require businesses to bake climate risk into their overall risk management plans. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
23 Mar 2022
Metaverse platforms offer opportunity and risk for CIOs
Accenture's recent Technology Vision event underscored the transformational possibilities of virtual worlds, but also pointed to security and safety challenges. Continue Reading
-
Definition
21 Mar 2022
Sarbanes-Oxley Act (SOX) Section 404
Sarbanes-Oxley Act (SOX) Section 404 mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test, and maintain those controls and procedures to ensure their effectiveness. Continue Reading
-
Definition
21 Mar 2022
COPPA (Children's Online Privacy Protection Act)
The Children's Online Privacy Protection Act of 1998 (COPPA) is a federal law that imposes specific requirements on operators of websites and online services to protect the privacy of children under 13. Continue Reading
-
News
07 Mar 2022
US awaits bill boosting technology competition with China
China's investments in tech have spurred the U.S. to take action with a U.S. technology competition bill funneling billions into tech innovation and development. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
04 Mar 2022
Russian sanctions prompt tech to stop sales, curb services
At the urging of Ukraine's Vice Prime Minister Mykhailo Fedorov and economic sanctions, companies including Apple, Google and Microsoft have limited business operations in Russia. Continue Reading
By- Makenzie Holland, Senior News Writer
- Jim O'Donnell, News Director
- Patrick Thibodeau
-
Definition
02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
By- Rahul Awati
- Ben Cole, Executive Editor
-
News
25 Feb 2022
Sanctions cost Russia US tech, and that may hurt
The U.S. has issued sanctions against Russia for its military invasion of Ukraine, which could face devastating IT service delivery disruption if the conflict continues. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
16 Feb 2022
Proposal for federal tech policy focuses on privacy, security
The Future of Tech Commission wants the federal government to initiate a coordinated effort to address issues like data privacy and competition. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
11 Feb 2022
House bill tracks foreign investment in U.S. mergers
The Foreign Merger Subsidy Disclosure Act would allow federal antitrust enforcement agencies to track foreign government investment behind U.S. business mergers. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
08 Feb 2022
Federal regulatory efforts could affect VR, metaverse
Although Congress isn't looking to regulate VR or the metaverse yet, its efforts on antitrust and data privacy could have impacts down the road. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
07 Feb 2022
IRS drops facial recognition plans after criticism
The agency said it will no longer require taxpayers to use a third-party website to authenticate identity and will develop its own tools to boost security and prevent fraud. Continue Reading
By- Esther Shittu, News Writer
-
News
02 Feb 2022
Federal data privacy law efforts fizzle
As Congress shifts to antitrust enforcement, the momentum behind creating a federal data privacy law is waning. The states, meanwhile, are adopting privacy laws. Continue Reading
By- Makenzie Holland, Senior News Writer
-
Definition
24 Jan 2022
Ethereum
Ethereum is an open source, distributed software platform based on blockchain technology. Continue Reading
By- Sean Michael Kerner
- Ben Lutkevich, Site Editor
-
News
18 Jan 2022
FTC, DOJ seek public input on merger guidelines
The FTC and DOJ want public input on the government's merger guidelines, used to challenge potentially anticompetitive mergers. The agencies believe the rules are out of date and ineffective. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
27 Oct 2021
Senators push for more online child privacy protections
U.S. senators expressed frustration with social media giants for not supporting specific legislation enhancing child privacy protections online. Continue Reading
By- Makenzie Holland, Senior News Writer
-
Feature
18 Oct 2021
Litigants face tough road with antitrust lawsuits
As big tech companies like Google and Facebook fight antitrust lawsuits in court, experts are divided on whether core antitrust laws need updating for the modern economy. Continue Reading
By- Makenzie Holland, Senior News Writer
-
Tip
12 Oct 2021
How to evaluate and select GRC vendors and tools
There is a variety of governance, risk and compliance software on the market. Learn about some of the available products and how best to evaluate GRC tools and vendors. Continue Reading
-
News
30 Sep 2021
Differing data privacy policies challenge EU, US tech council
The EU-U.S. Trade and Technology Council plans to develop standards, address supply chain issues and define approaches to data governance, but the road ahead could be a bumpy one. Continue Reading
By- Makenzie Holland, Senior News Writer
-
Guest Post
11 Aug 2021
IoT legislation device manufacturers need to know about
To avoid penalties and meet government agency requirements, IoT device manufacturers must adhere to new standards and regulations. Learn the latest here. Continue Reading
By- Farbod H. Foomany
-
News
06 Aug 2021
Amazon GDPR fine signals expansion of regulatory focus
Amazon's $887 million GDPR fine likely stems from consumer consent and may indicate the EU is moving beyond data breaches and zeroing in on data practices. Continue Reading
By- Makenzie Holland, Senior News Writer
-
News
14 Jun 2021
Federal data privacy legislation could benefit U.S. economy
Data privacy laws are becoming part of a 'modern economy,' according to Google's Kate Charlet, director for data governance. Continue Reading
By- Makenzie Holland, Senior News Writer
-
Tip
24 May 2021
An adequacy audit checklist to assess project performance
Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other improvements. Use this audit checklist to get started. Continue Reading
-
Feature
15 Apr 2021
Managing cybersecurity during the pandemic and in the new digital age
Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's seen over the last year and how she's effectively managing her security team. Continue Reading
-
News
25 Feb 2021
Texas power outage flags need to revisit business continuity
Freezing conditions that caused Texas power outages affected businesses well beyond the state's borders, prompting a need for business continuity plans to be revisited. Continue Reading
-
Feature
11 Feb 2021
Changes to U.S. antitrust laws could hamper innovation
Antitrust lawsuits and regulatory proposals could have a greater impact on the technology industry than regulators expect. Expert Aurelien Portuese explains why. Continue Reading
By- Makenzie Holland, Senior News Writer
-
Guest Post
16 Dec 2020
4 reasons to involve CISOs in mergers and acquisitions planning
As mergers and acquisitions go virtual due to COVID-19, the C-suite should include CISOs to help identify security risks, expedite cyber processes, review the new threat landscape and more. Continue Reading
By- Jaime Fox and Deborah Golden
-
Guest Post
21 Oct 2020
Is your company's IT governance strategy cloud ready?
As companies prepare to migrate to the cloud, they need to review their IT governance strategy before making any decisions to ensure there won't be any issues later. Continue Reading
By- Scott Cameron
-
Guest Post
22 Sep 2020
Ensuring your cybersecurity teams are helping the business
Business leaders need to review how they're handling cybersecurity oversight. Are leaders asking the right questions and understanding how their cybersecurity program currently works? Continue Reading
By- Nick Vigier
-
Guest Post
06 Aug 2020
The contradiction of post COVID-19 risk management
Security vs. usability is always a constant struggle for security teams. The rapid change to remote access during the pandemic has forced companies to revisit their risk management approach. Continue Reading
By- Jonathan Couch
-
Tip
24 Mar 2020
How to write an RFP and statement of work for an IT services contract
Master how to write an RFP and statement of work to get the IT services you need using these best practices from consulting firm ClearEdge Partners. Continue Reading
-
Tip
13 Jun 2019
4 steps to remain compliant with SOX data retention policies
Data retention policy is inherent to Sarbanes-Oxley Act compliance. In this tip, learn SOX data retention best practices to remain regulatory compliant. Continue Reading
-
Feature
17 Apr 2018
Tackling security debt: The role of risk register, patch management
In this Q&A, Akamai's Dave Lewis offers pointers on how to address security debt and also discusses how organizations can avoid incurring such debt. Continue Reading
-
Definition
01 Feb 2013
business continuity management (BCM)
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats. Continue Reading
-
Quiz
15 Aug 2011
Test your social media risk management IQ: A SearchCompliance.com quiz
Proliferating social networks have cast a spotlight on social media risk management. Take our quiz to find out if you are up to speed on social media. Continue Reading
By- SearchCompliance.com Staff
-
Definition
07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk. Continue Reading
-
Feature
22 Jun 2009
Chapter excerpt: Decision-making processes and IT governance
Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability. Continue Reading
-
Definition
12 Mar 2009
Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization. Continue Reading
-
Definition
29 Jan 2009
Fair Credit Reporting Act (FCRA)
The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Continue Reading
-
Definition
06 Mar 2008
FFIEC compliance (Federal Financial Institutions Examination Council)
FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC)... (Continued) Continue Reading