Security Due Diligence: An Analysis of Security in the Sales Cycle for Companies Serving the Banking Sector (Whitepaper)

Studies performed by the Ponemon Institute linked 56-59% of security breaches to third parties. At the same time, companies are increasingly leveraging specialty service providers to perform critical business functions. Taken together, third-party risk is being elevated to the board level and banks are scrambling to manage their vendor-related risks. The net result for service providers[…]

How We Measure Candidates at risk3sixty

Business boils down to one thing: People. People are the most challenging (and rewarding) part of a successful business. And I mean the full lifecycle of employee experience. You have to do a great job recruiting, making hiring decisions, then training people better than anyone else, creating a culture where people want to stay,[…]

What is the Difference between SOC 2 Type I and SOC 2 Type II?

If your clients or prospects have requested a SOC 2 report, obtaining a SOC 2 report typically follows a three-step process. Step 1: Readiness Assessment. A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC[…]

Mapping California Consumer Privacy Act (CCPA) with GDPR (Whitepaper)

Many organizations are bracing for the recent wave of Privacy regulations announced this year. In May, GDPR became enforceable, then in June California passed the California Consumer Privacy Act (effective starting 2020).  These landmark regulations provide new privacy requirements for businesses collecting and/or processing data. The purpose of this whitepaper is to compare requirements under[…]

Executive Summary of the California Consumer Privacy Act (CCPA)

On June 28, 2018, California signed into law Assembly Bill 375, the California Consumer Privacy Act (“CCPA”).  Scheduled to be effective January 1, 2020, the CCPA is based on the principles that, “California consumers should be able to exercise control over their personal information, and they want to be certain that there are safeguards against[…]

GDPR: Understanding the Impact of Automated Decision Making and Profiling (Whitepaper)

Profiling and automated decision-making are not prohibited under GDPR.  However, both of these activities are subject to detailed requirements on when they can legitimately be performed and what must be communicated to data subjects. Key Questions: 1| How are automated decision-making and profiling defined under GDPR? 2| How do the general rules of GDPR apply[…]

GDPR: Understanding the Roles and Responsibilities of Cloud Service Providers (Whitepaper)

Whether it is a software or infrastructure as a service (SaaS/IaaS) almost everyone is relying on the cloud. Have you considered how this impacts your GDPR strategy? In this whitepaper we set out to clarify the role of cloud service providers as well as users of cloud services.  Key Questions: 1) What is your role(s)[…]

Build a Security Program and Run It Like a Business

I recently finished the book “Traction” by Gino Wickman. Next to Scaling-Up by Verne Harnish, I think it is one of the most actionable business books I’ve ever read. Our team has informally adopted both books as part of the risk3sixty canon. While the book is largely about building a great running business – I[…]