First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

cloud computing

First international standard on cloud services and personal information protection

The International Standards Organization has released a standard for privacy aimed at cloud computing service providers.

 

, , , , , , , , , , , , , , , , , , ,

What businesses can learn from Heartbleed

Much has been written about Heartbleed and the speed at which various companies have reacted to it. Notably, the Canada Revenue Agency (CRA) closed their online portal for some time and lost hundreds of Social Insurance Numbers. It was also revealed that the NSA has been using the bug for over two years to get […]

 

, , , , , , , , , , , ,

How well is your IT department positioned for the future?

Ideally your IT processes are effective and efficient, and the department itself is viewed favourably by its customers, employees, and management. If at all possible, your IT department is positioned well enough to meet future needs and you have a good grasp on what you are doing to develop opportunities to answer present and future challenges.

 

, , , , , , , , , , , , ,

Risk management in the cloud

Cloud computing may indeed be “one of the biggest revolutions to emerge in recent times,” but it also presents big risks. The global principles, frameworks and standards for risk management and accountability in the cloud itself are still very much playing catch-up…

 

, , , , , , , , , ,

Year-end round-up

Like most of you, I’m sure, I was extra busy before Christmas last year, and to top it all off, I got sick and had to leave some things unfinished. So I couldn’t bring you this brief round-up of things that happened in the last three months of 2011, much of which has to do with technology and how employers will use it to interact with employees and customers. But it’s a new year and I’ve recovered from my illness and my holidays, so without further ado…

 

, , , , , , , , , , , , , , , , , , , , , , ,

Can customers be encouraged to read privacy policies?

When was the last time you read a privacy policy? I use dozens of online services—email, social networking, data storage, banking, photos, shopping, etc.—and I’ve only skimmed a couple. What does this mean for the companies that offer these services? Can they reasonably say that they have informed their users of the content of their policies, if most users simply click “Okay” without bothering to read the things?

 

, , , , , , , , , , , , , , ,

Need to know: privacy commissioner’s report on pressing online privacy issues

In 2010, the Office of the Privacy Commissioner of Canada conducted consultations on current privacy issues, including online tracking, profiling, targeting and cloud computing. The office released its report on the consultations earlier this year, and it’s available online.

 

, , , , , , , , , , ,