pdf Download (3.03 MB)

This white paper includes data from an in-depth survey of North American organizations with regard to their plans for GDPR and CCPA compliance. The paper was sponsored by Netwrix; information about the company is provided at the end of the paper.

pdf Download (81 KB)

Regulations still need to be finalized, and there is little precedent to guide you.

pdf Download (3.97 MB)

This guide distills the California Consumer Privacy Act (CCPA) into discrete phases to help a business achieve and then maintain compliance. The guide is designed for professionals across a wide range of functions who will be impacted by the CCPA. As with all regulatory matters, please consult with your legal team to ensure your plans are consistent with internal guidelines and requirements. If you have questions on any information in this guide, or want to get an update on emerging CCPA news, please contact a TrustArc representative.

pdf Download (1.53 MB)

This new regulation applies to all for-profit businesses that collect and control the personal information of California residents, do business in the state of California, and either (a) earn $25,000,000 a year in revenue, (b) buy or sell 50,000 consumer records each year, or (c) derive at least 50% of their annual revenue by selling the personal information. All businesses that meet these conditions must comply, whether they are located in California, a different state or even a different country.

pdf Download (160 KB)

Please note that these materials are intended for general and educational purposes only, and they do not constitute legal advice. Your specific CCPA obligations depend on multiple factors that cannot be captured within a simplified checklist.

pdf Download (488 KB)

Coupa brings a complete, user-centric vision for third-party risk management to let companies make more of their compliance investments and avoid damage to the brand and the bottom line.

pdf Download (3.21 MB)

Modern cyber threats such as data breaches and attacks can have significant productivity and financial effects on the business, ranging from unexpected system downtime and business interruption to system damage and data loss.

pdf Download (511 KB)

ClearDATA is the market leader for healthcare cloud computing and information security services for providers, life sciences, payers and healthcare technology organizations.

pdf Download (298 KB)

The role of privacy officer is one that is growing in importance, partly due to legislation such as the EU General Data Protection Regulation (GDPR) that stipulates the nomination of a privacy officer role with accountability specifically for data privacy.

pdf Download (648 KB)

Many enterprises rely on third-party vendors to help facilitate the delivery of products and services to their customers. However, these relationships come with risk. Data privacy must be a top priority in these relationships.

pdf Download (5.68 MB)

Europe’s GDPR is widely-discussed in today’s news cycles and for good reason. The regulation impacts many organizations throughout the world, and violations of the regulation can result in material fines. One big question remains for many businesses, how do third-party services fit into this new regulation and what can organizations do to protect themselves from third-party risks to meet the standards?

pdf Download (703 KB)

In Forrester’s evaluation of the emerging market for cybersecurity risk rating solutions, we identified the nine most significant providers in the category — Bitsight, Fico, iTrust, Normshield, Panorays, Prevalent, Riskrecon, SecurityScorecard, and upGuard — and evaluated them. This report details our findings about how well each vendor scored against 10 criteria and where they stand in relation to each other.

pdf Download (1.54 MB)

This report (re)uses the same data set behind the Internet Risk Surface Report. It is derived from RiskRecon’s work in providing companies objective visibility into their third-party cybersecurity risk. For each organization analyzed, RiskRecon trains machine learning algorithms to discover internet facing systems, domains, and networks. For every asset discovered, RiskRecon analyzes the publicly accessible content, code, and configurations to assess system security and the inherent risk value of the system based on attributes such as observable data types collected and transaction capabilities. RiskRecon provided Cyentia a large anonymized sample of their production data set for this research.