Welcome! This website is about managing risk at the technology service organizations that service regulated industries such as finance, health, and the public sector. It is being compiled by Michael Werneburg, a Toronto-area specialist in the field, with the mission of engendering conversation, promoting study, and promoting good implementation.
How to get a technology service organization through a SOC-2 audit with a minimum pain and with maximum gain. This goes beyond the how-tos of information security and good governance and explains the competitive advantages that a company will invariably experience when it can consistently excel.
A terrible word for a horrible problem.
Strategic risk is where the big problems lie. I'm organizing some thoughts on the subject, here.