GDPR & Data Discovery – Just like eating an elephant, where do you start?

The Art of Knowing: The required compliance date for the EU GDPR is officially less than two months away. And although we’ve heard the warnings about the importance of this regulation, not to mention the heavy hand that’s going to accompany it, many organizations remain extremely unprepared. As part of the Regulation, organizations must know […]

Preparing for a compliance audit…and why companies aren’t … Part 2 Steps to Compliance

In my last article I discussed compliance in an ideal world, but then talked about the reality that companies face regarding compliance efforts in the real world.  If you are ready to move your organization’s compliance and security posture closer to the ideal world, here are seven steps every IT organization should take whether they […]

Preparing for a compliance audit…and why companies aren’t

Ideal World: In an ideal world, a robust Information Security Program is a prominent feature of any IT or service organization’s security, compliance and audit strategy. An overseeing governance, risk and compliance committee, comprised of key stakeholders, would complete a risk assessment prior to a service being launched. Including having process and system risks […]

Sienna Group chosen for 20 Most Promising Compliance Technology Solution Providers

The Sienna Group is recognized by CIO Review magazine, as part of its annual listing, as a company at the forefront of providing compliance solutions and impacting the marketplace. Read the article in CIO Review Magazine. Visit our website.

Managing Controlled Unclassified Information (CUI) – Part Two of a Three Part Series

In my first blog on Controlled Unclassified Information (CUI), I discussed ways in which your organization could get started with the Defense Federal Acquisition Regulation Supplements (DFARS) compliance activities around CUI and the deadline of December 31, 2017.  Hopefully, everyone reading this part two of the three-part series has created the policies required to identify, […]

End-of-Year Security Assessment Checklist

We are closing in on another completed circle around the sun. A journey that has produced, yet again, more newsworthy data breaches that eclipsed those of yesteryear. Common headline, different time. Although these breaches are raising organizational and consumer awareness, we still commonly encounter two familiar end-of-year themes: Your organization is scrambling to execute […]

John Ford – IT Nation 2017 Featured Speaker

Transforming your MSP into an MSSP: You have a trusted and lengthy relationship with your customers, but now want to expand your business to include the opportunities within the IT Security arena. How do you communicate this without customers feeling you’ve been leaving something off the table in your current offerings? This session will provide […]

Getting Started with Controlled Unclassified Information (CUI) – Part 1 of a 3 Part Series

CUI appears to be the new buzzword for the end of 2017, especially for companies that are struggling with compliance with the Defense Federal Acquisition Regulations (DFARS) requirements and NIST SP800-171. All is not lost, nor is it difficult to get started at this late date. Over the next month, I will discuss CUI a […]