Blog
TPRM : Need for Change and The Way Forward
Third-Party Risk Management (TPRM) is a key component of information security (infosec) programs and it requires significant focus. This is borne out by breaches in the news as well as known data …
Privacy Shield: Weighing the Risks and Benefits of Withdrawal Versus Recertification
Co-written by Monica Meiterman-Rodriguez, Privacy Consultant, and Dan Goldstein, Co-founder and Partner of Tueoris. In the wake of the Schrems II decision, invalidating the EU-US Privacy Shield as a mechanism …
Next time you do a Risk Assessment or Analysis, make sure you have Risk Intelligence on board
I was prompted to write this quick post this morning when I read this article. I think it is a good example of what some (actually many, in my experience) …
Security Due Diligence For Microsoft 365 User Organizations
Co-written by Monica Meiterman-Rodriguez (Privacy Consultant) and Brian Ching (Information Security and Privacy Analyst) A majority of global enterprises are now using Microsoft 365 (“M365”) as their primary office application. …
Healthcare Interoperability and Information Security : It Is Not About Compliance
Rarely do we encounter regulations that also have the potential of spurring innovation and generating significant positive outcomes in health, wellness and indeed the larger economy. That is exactly the nature …
Healthcare Interoperability: Preparing to Meet New Privacy and Security Obligations
Written by Dan Goldstein (Partner and Co-Founder), Kamal Govindaswamy (Partner and Co-Founder) and Monica Meiterman-Rodriguez (Privacy Consultant). Healthcare Information Technology (Health IT) in the United States has undergone considerable change …
SCCs under Scrutiny: Transfer Strategies for US Companies Contracting with EU Service Providers
For many US-based multinational organizations, EU-approved Standard Contractual Clauses (“SCCs”) have long represented a relatively straightforward solution for the compliant transfer of personal data of EU residents to the organizations’ …
How to Prepare for SCC Scrutiny in a Post Schrems II World
Written by Dan Goldstein, Partner and Co-Founder of Tueoris, LLC In the aftermath of the EU Court of Justice’s Schrems II decision, multinational organizations in the US and around the …
How can Infosec GRC Deliver Wins in Risk Management?
Information security (infosec) risk management can often seem overwhelming and hard. Organizations can spend considerable resources on infosec programs or solutions, yet they may have challenges in implementing commensurate and demonstrable …