Risk Topics

Managing uncertainty and change
for technology organizations.

Welcome! This website is about managing risk at the technology service organizations that service regulated industries such as finance, health, and the public sector. It is being compiled by Michael Werneburg, a Toronto-area specialist in the field, with the mission of engendering conversation, promoting study, and promoting good implementation.

Risk, opportunity, and the service organization

How to get a technology service organization through a SOC-2 audit with a minimum pain and with maximum gain. This goes beyond the how-tos of information security and good governance and explains the competitive advantages that a company will invariably experience when it can consistently excel.

Third party risk

Too frequently, we share data with vendors without a second thought, assuming that they have the same attitude towards that data that we do: the same care and the same competence. This is a guide to evaluating vendors for their capabilities in keeping your data secure.

On cyber security

A terrible word for an intractable problem.

On strategic risk management

Strategic risk is where the big problems lie. I'm organizing some thoughts on the subject, here.