Brainloop, a supplier of software solutions for high-security management of confidential documents, recently issued a white paper titled "Ten Questions to Identify Compliance Risks When Sharing Information."Authored by Cheryl Klein, CPA, CISA, CITP and founder of GRC Consulting Services, the paper analyzes ten common business scenarios that expose companies to potential compliance risks when sharing documents with partners, auditors, vendors, or any other individuals outside the corporate network.
Klein said that corporate and regulatory compliance policies require companies to ensure information flows are documented, auditable, and highly secure, yet at the same time, companies must share sensitive information outside the firewall in order to conduct business, which introduces serious potential information risk.
Traditional information security controls provide protection behind the firewall for most of a company's documents, yet fail to address the issue of protecting documents that must be shared outside the enterprise.
The Brainloop white paper presents 10 questions that help businesses identify compliance risks and explore mitigation strategies, along with best practices suitable for each scenario. Also, it explains extending centrally-defined policies to the departmental level, implementing appropriate access controls for diverse document types and user roles, managing personal information, and controlling external collaboration as well as other security measures to consider. Klein added that identifying compliance risk is crucial because even the most conscientious people can breach security policies unintentionally and it's critical to confirm document access with audit trails and logs to ensure compliance regulations are followed correctly.
Anuradha Shukla is a contributing editor for TMCnet. To read more of Anuradha’s article, please visit her columnist page.Edited by
Stefania Viscusi