Is anything more critical than the security of your data?

The security of your data – and that of your customers – poses arguably the biggest risk to businesses today, and is, therefore, the most critical compliance initiative that your company will undertake.  The stakes are high and the regulatory requirements can be vast.  And as more companies outsource tasks and utilize cloud services and infrastructure, the ability to control all of the aspects of data security becomes more difficult.

With all of the risk and complexity inherent in data security, the technology that you use to keep track of your compliance efforts should be simple.


policyIQ serves as a great case study for policyIQ!

The policyIQ application has clients around the world who rely on the software, the team that supports the software, and the infrastructure on which the software resides to keep their data safe.  And the security compliance program for policyIQ involves many of the same complexities that our clients are managing:

  • Risk inherent in the storage of our own data, and even more critically in the management of our clients’ data
  • Distributed responsibility for critical aspects of IT security
    • RGP, our corporate parent, is responsible for things like employee background checks and HR functions;
    • We utilize Amazon Web Services (AWS) as our hosting partner, and rely on their IT security program to provide physical and environmental security for our data center.
  • Multiple IT and data security requirements, including…
    • SOC 2
    • SOX
    • GDPR

To keep our own commitments to data security, we utilize policyIQ to capture our IT policies, controls, action items, and audit trails.

With our own implementation of policyIQ, we are able to follow the SOC 2 framework and link our controls to the related requirements.  Controls are designated as being performed by our policyIQ division, RGP Corporate, or our AWS partner, allowing any team member to more quickly reach the right resource with questions or clarifications.

When it comes time for an external security audit, we can prepare evidence in advance of the on-site audit, pull out policy documents to meet the audit requests, and document any follow-ups or recommended action items provided by our auditors to further enhance our security program.

Join us on Monday, July 8th at 1 PM ET / 10 AM PT for our CPE event on IT Security Compliance in policyIQ, where we’ll dig deeper into policyIQ as a case study for policyIQ – and take a look at other frameworks and resources that your organization might utilize for your security compliance!

And look for more blog posts through the month of July that highlight IT and data security compliance in policyIQ.

This entry was posted in Solutions, Training by Chris Burd.

About Chris Burd

Chris is the Vice President of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In past lives, Chris worked as a system implementation consultant, an e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, reads too many books, and spends more time than she should taking photos of her cats. She's on a mission to visit the hometown of every US President - so far managing to get to 14. She would like to be a rock star when she grows up.
