Welcome! This website is about managing risk at technology service organizations that serve regulated industries such as finance, health, and the public sector. It is being compiled by Michael Werneburg, a Toronto-area specialist in the field, with the mission of engendering conversation, promoting study, and promoting good implementation.
How to get a technology service organization through a SOC-2 audit with minimum pain and maximum gain. This goes beyond the how-tos of information security and good governance and explains the competitive advantages that a company will invariably experience when it can consistently excel.
Too frequently, we share data with vendors without a second thought, assuming that they have the same attitude towards that data that we do: the same care and the same competence. This is a guide to evaluating vendors for their capabilities in keeping your data secure.
A terrible word for an intractable problem.
Strategic risk is where the big problems lie. I'm organizing some thoughts on the subject, here.