Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
News
16 Jul 2025
AI training, copyright issues headline U.S. Senate hearing
U.S. senators blasted companies, including Meta and Anthropic, for training AI models on copyrighted content, including pirated books and other materials.
By Makenzie Holland, Senior News Writer
-
Tip
16 Jul 2025
12 best practices to keep in mind for SLA compliance
SLAs outline the criteria for acceptable performance from a service provider. Learn best practices CIOs and IT leaders should follow when creating an SLA with a service provider.
-
Video
25 Aug 2016
The difference between pipe and platform business models
Sangeet Paul Choudary, founder and CEO at advisory and research firm Platformation Labs, explains the difference between platform business models and traditional pipe models.
By Christian Stafford, Editorial Assistant
-
Tip
03 Aug 2016
Aligning IT and compliance procedures increasingly a business priority
Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment.
By Kevin McDonald, Alvaka Networks
-
Tip
28 Apr 2016
Without IT process documentation, companies risk being held 'hostage' by IT
As cybersecurity breaches surge, it's important that company leadership know what IT is up to. Kevin McDonald explains why IT process documentation is a must-have best practice.
By Kevin McDonald, Alvaka Networks
-
Tip
08 Jan 2016
The steps to effective cybersecurity incident response
Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach.
By Kevin McDonald, Alvaka Networks
-
Tip
07 Jan 2016
How to test your DR/BC plan
Woe to the IT organization that hasn't taken its DR/BC plan out for a spin. The right kind of testing will close the gaps and save IT and the business a lot of grief.
By Niel Nickolaisen, O.C. Tanner Co.
-
Tip
29 Sep 2015
How to govern your IT outsourcing provider after the ITO deal is done
The best ITO deals need tweaking as time goes on. Good governance ensures that you and your IT outsourcing provider are on the same page.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
10 Mar 2015
Staff shortage impacted by security and compliance skills demand
The data threat landscape has forced companies to rethink hiring processes before a staff shortage negatively impacts security and compliance.
By Jeff Jenkins, Travelport
-
Tip
03 Oct 2014
SOX compliance reliant on data governance strategy, with IT support
SOX compliance hinges on an effective data governance strategy, but much-needed help is available from information technology tools and processes.
By Harvey R. Koeppel, Pictographics Inc.
-
News
31 Jul 2014
The benefits and drawbacks of regulatory compliance automation
Increasingly complicated compliance mandates have led some businesses to implement automated processes to save resources. Participants in July's #GRCChat said compliance automation can assist data management, but also warned of unintended consequences.
By SearchCompliance.com Staff
-
News
24 Jul 2014
What to include in a post-DR-test after-action review
What should go into your organization's after-action review following a disaster recovery test? #CIOChat participants suggest what to include in the report and why.
By Emily McLaughlin, Coravin
-
Tip
09 Jul 2014
Three steps to keep IT policies and procedures regulatory compliant
Corporate compliance and risk management expert Jeffrey Jenkins shares how he ensures IT policies and procedures remain in sync with current compliance regulations.
By Jeff Jenkins, Travelport
-
Tip
18 Nov 2013
Preparation underway for Dodd-Frank conflict mineral disclosures
Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations.
By William Newman, SAP
-
Tip
13 Nov 2013
CIO tip: Learn how to present a risk-management plan to the board
Companies are getting serious about risk management plans -- and leaning on CIOs to help them.
-
Tip
22 Oct 2013
Three strategies to align organizational compliance and security goals
Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals.
By Ed Moyle, SecurityCurve
-
Opinion
12 Jun 2013
The GRC maturity model and value proposition
In this CIO Matters column, Harvey Koeppel takes a look at the GRC maturity model and how CIOs can turn risk management into business value.
By Harvey R. Koeppel, Pictographics Inc.
-
Definition
01 Feb 2013
business continuity management (BCM)
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats.
-
Tip
01 Nov 2012
Free IT organizational structure chart templates for the CIO
Use these free IT organizational structure chart templates to illustrate the relationships and hierarchy between various IT roles in your enterprise.
-
News
23 Apr 2012
ISACA: Update to COBIT 5 governance framework maximizes IT assets
ISACA's update to its popular COBIT 5 framework incorporates a business-wide approach the organization says helps enterprises maximize their information and technology assets.
By Ben Cole, Executive Editor
-
Tip
02 Mar 2012
Is your SaaS system in line with SOX compliance requirements?
A SaaS vendor can provide many benefits, but adhering to SOX compliance requirements remains a concern. Here's help to stay compliant when using Software as a Service.
By Curt Finch, Contributor
-
Tutorial
03 Oct 2011
FAQ: Four criteria for an effective IT innovation strategy
In this FAQ, IT executives share four ways to kick-start and manage an IT innovation strategy that drives business value and transformation.
By SearchCIO.com Staff
-
Tip
16 Aug 2011
How protecting against the OWASP Top 10 helps prevent compliance risk
Mapping security processes to protect against the OWASP Top 10 could ease Web application vulnerabilities and help some companies stay compliant.
By Ed Adams, Contributor
-
Quiz
15 Aug 2011
Test your social media risk management IQ: A SearchCompliance.com quiz
Proliferating social networks have cast a spotlight on social media risk management. Take our quiz to find out if you are up to speed on social media.
By SearchCompliance.com Staff
-
Definition
07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization's internal controls, which are practices and procedures established to create business value and minimize risk.
-
Tip
10 Dec 2010
AML compliance and money service businesses
Money service businesses are a growing part of the financial services industry, but compliance with anti-money laundering regulations is critical.
By Dan Fisher, Contributor
-
Feature
17 Jun 2010
FAQ: GARP and how it helps you achieve better information governance
Many organizations do not have an information governance structure built on defined record-keeping principles that ensure accountability. GARP may be your answer.
By SearchCompliance.com Staff
-
Tip
06 Oct 2009
Threat management for information systems relies on categorization
Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization.
By Steven Ross, Risk Masters, Inc.
-
News
06 Oct 2009
GPS devices, geolocation data create privacy, security risks
Emerging technologies that allow users to broadcast their geographic location raise many issues for companies and CIOs, while legislatures and the FTC consider the legal aspects.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
01 Oct 2009
HIPAA-covered entities' first step should be a quality assurance plan
HIPAA-covered entities must leverage or install a good QA team, an effort that should be driven from the top down and be part of the strategic plan of the technology organization.
By John Weathington, Excellent Management Systems Inc.
-
Feature
22 Jun 2009
Chapter excerpt: Decision-making processes and IT governance
Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability.
-
News
19 Jun 2009
Twitter security risks, popularity spark regulatory concerns
Twitter can be used for social good, business and journalism, but the potential for exploitation by cybercriminals and noncompliance with regulatory requirements is real and growing.
By Alexander B. Howard, Associate Editor
-
Tip
09 Jun 2009
How AML compliance applies to remote deposit capture
Financial institutions rushing to deploy remote deposit capture (RDC) need to consider how the Bank Secrecy Act and anti-money laundering regulations apply to the technology. In this tip, Dan Fisher explains what measures institutions need to take to ensure compliance with BSA/AML laws in their RDC implementations.
By Dan M. Fisher, Contributor
-
Tip
19 May 2009
Why it may not be ideal for your lawyer to be your compliance officer
While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers.
By Kevin Beaver, Principle Logic, LLC
-
Definition
12 Mar 2009
Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization.
-
Definition
29 Jan 2009
Fair Credit Reporting Act (FCRA)
The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies.
-
Definition
06 Mar 2008
FFIEC compliance (Federal Financial Institutions Examination Council)
FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC)...