The Art of Leveraging Governance, Risk, and Compliance Technology

Post Date: 10/27/2014
feature image
I recently contributed an article for WallStreet & Technology discussing how financial organizations can enhance trust, accountability, and transparency through the proper use of Governance, Risk, and Compliance technology. Following the media frenzy around the data breaches at Experian and Home Depot, organizations are facing heightened demand for data privacy and compliance regulation. In Grant Thornton LLP's survey of more than 400 chief audit executives from US organizations, 31 percent of respondents ranked compliance risks as their top concern, and 42 percent believe that data privacy has the most potential to impact company growth. Despite these findings, only 29 percent of respondents are using a governance, risk, and compliance tool, and only 22 percent believe their organization is leveraging GRC technology effectively. Why is there such disconnect between what is important and what is occurring? Businesses often create policies, practices, and controls without a true understanding of life on the ground in the company. In the article, I discuss the benefits of implementing compliance technology, but also ways to choose the correct tool for an organization’s unique needs. The most important GRC technology features are able to:
  • Discover data across multiple gateways to shed light on dark data and other potential risks.
  • Scan content in motion or at rest against out-of-the-box or customized checks for a wide range of privacy, information assurance, operational security, sensitive security      information, and accessibility requirements.
  • Drive enterprise classification and taxonomy with user-assisted and automated classification for all content.
  • Take corrective action automatically to secure, delete, move, quarantine, encrypt, or redact risk-defined content.
  • Enhance incident tracking and management with an integrated incident management system, in addition to trend reports and historical analysis to measure improvements over time.
  • Monitor data and systems on an ongoing basis to demonstrate and report on conformance across your enterprise wide information gateways and systems.
To read more about how financial organizations can properly implement GRC technology, please visit WallStreet & Technology. To learn how AvePoint helps organizations implement the compliance and risk management technology for their unique needs, please visit our website.

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: Twitter:

View all posts by Dana S.

Subscribe to our blog