Information Management | by OCEG the Open Compliance and Ethics Group

Anti-Corruption, Information Management

Insider Risk Management Guide (2006)

DHS, Notice of Proposed Rulemaking: REAL ID (March 2007)

EU, Opinion 1/2006 on the application of EU data protection rules to internal whistleblowing schemes in the fields of accounting, internal accounting controls, auditing matters, fight against bribery, banking and financial crime

Red Flag Program Clarification Act of 2010, Public Law 111-319

FTC: Fighting Fraud with the Red Flags Rule: A How-to Guide for Business

Anti-Corruption, Employment, Environmental, Governance, Government Dealings (USA), Information Management, Product Quality/Safety, Supply Chain Management (SCM)

SAS Institute, Inc.

Anti-Corruption, Information Management, International Transactions

Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for purposes of the Terrorist Finance Tracking Program (2009)

Anti-Corruption, Employment, Environmental, Financial Assurance, Governance, Information Management, Intellectual Property, Workplace Health/Safety

Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper

Competitive Practices, Information Management, Supply Chain Management (SCM)

CSO Security and Risk Magazine Archive

Umbrellas for Clouds: Applying Outsourcing Risk Mitigation Strategies to SaaS Transactions

Competitive Practices, Financial Assurance, Governance, Information Management

GRC Technology Roadmap Teleconference: December 18, 2008

Employment, Information Management

HHS, Office for Civil Rights: Health Information Privacy

France's Measures on Diversity and Data Protection: The Ten Recommendations of the CNIL (Littler, 2007)

E-Discovery Keeps an Eye on the Job: Employment-related litigation is shaping e-discovery, still in its infancy (2008)

Asia-Pacific Region at the Privacy Crossroads (2008)

UK, Use and Disclosure of Health Data (ICO, 2002)

UK, Retention of personnel and other related records (CIPD, 2008)

Financial Assurance, Governance, Information Management, Intellectual Property, International Transactions, Supply Chain Management (SCM)

OCEG for Technology

Financial Assurance, Information Management

Interagency Proposal for Model Privacy Form Under the Gramm-Leach-Bliley Act; Proposed Rule (2007)

Glossary of GRC Terms from Financial Services Provider Perspective

SEC Provides Guidance to Open Up Use of Corporate Web Sites for Disclosures to Investors (July 30, 2008)

SEC, Interpretive Release: Commission Guidance on the Use of Company Web Sites (2008)

SEC, Final Rule: Electronic Filing and Revision of Form D (2008)

Paisley Joins the Open Compliance & Ethics Group Technology Council

Audit Software Provider ACL Services Joins Open Compliance & Ethics Group Technology Council

Financial Assurance, Governance, Information Management, International Transactions

GRC-XML Work Group: December 16, 2008 Meeting

Financial Assurance, Governance, Information Management

ISM

Governance, Information Management

OCEG Critical Conversations Series: CIO at the Center (2007)

IT Compliance and Controls:Converging Business, Information, and Controls

ITGI's VAL IT Framework

IT Governance Standard, ISO/IEC 38500:2008 Order Page (2008)

ISO/IEC 27006:2007 Order Page: Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems (2007)

AS8015-2005 - Australian Standard for Corporate Governance of Information and Communication Technology (ICT)

Effective Information Governance: A Key Component to Improving Information Quality (2007)

December 2008 Fujitsu Research Institute Presentation

Ask the Analysts

Managing Compliance Requirements

NIST: Risk Management Guide for Information Technology Systems (2002)

GAO, Information Security Risk Assessment: Practices of Leading Organizations (1999)

Creating a Computer Security Incident Response Team: A Process for Getting Started (2002, Last Updated 2006)

Board Oversight of Information Technology - Data Privacy and Data Security: The New Imperative (2007)

Law Technology News

IT Executives Offered Japanese Compliance Rules (August 2, 2007)

Ask the Analysts: GRC Techology 2008

Compliance vs. Security: Which Should Lead Corporate Governance? (August 2010)

Organizational Transformation: A Framework for Assessing and Improving Enterprise Architecture Management (Version 2.0) (GAO, 2010)

Government Dealings (USA), Information Management

DHS, Final Rule, REAL ID (2008)

Information Management

Record Retention & Data Management

Business.Gov: Computer and Information Security

Council of Europe's Data Protection Page

45 CFR Part 164.500 et seq., Subpart E, Privacy of Individually Identifiable Health Information (As amended)

The ABCs of the IT Infrastructure Library (ITIL)

GPO, Privacy Act Issuances

Patchwork of Privacy Regulations (CSO Magazine, 2006)

Information Governance Engagement Area

FCC, Customer Proprietary Network Information, Final Rule (2007)

Next in Data Protection Management to Ensure Business Continuity and Compliance (2007)

Why Compliance Pays: Reputations and Revenues at Risk: Executive Summary July 2007

Data Storage Today

Identity Governance Framework (IGF) Site (Oracle, 2008)

Canadian Privacy Law Blog

FTC, Broadband Connectivity: Competition Policy (June 2007)

NIST, Managing Risk from Information Systems, Second Public Draft (April 2008)

DHS, IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development (2008)

ISO 27001 - The Information Security Management Standard

IT Governance and Risk Management: Store Your Data to Ensure Compliance (2007)

IT Governance Defined

Electronic Discovery Reference Model ("EDRM")

Sedona Principles

DIRKS

FTC's Website Privacy and Security Rules for Every Business, The (2007)

Enterprise Data Classification: A Distributed Problem Requires a Distributed Solution (2007)

NoticeBored.com - White Papers

GRC-XML Working Group Meeting #2 - February 13, 2008

2007 ITIL Glossary

Glossary of Terms from Compliance Spectrum

GRC Blueprint: February 2008 Working Group Meeting

GRC Ecosystem - February 2008 Draft from Corporate Integrity

GRC Ecosystem Components List - February 2008 Draft from Corporate Integrity

Acquire a global view of your organization's security state: the importance of security assessments (IBM, 2007)

GRC-XML Working Group Meeting #4 - March 25, 2008

Red Book/GRC Ecosystem Functional Category Alignment - V 1.1

OCEG GRC Glossary - Draft 03-27-08

Q1 2008 OCEG Technology Council Roundtable

Taxonomy Work Group - Final Presentation before Blueprint Work Group Merger

GRC Technologies Glossary

GRC-XML Work Group Monthly Meeting

OCEG Intellectual Property Agreement

IT Governance Institute's VAL IT Model Overview

GRC-XML Work Group Overview - June 6, 2008

ISM3 Model V 2.0

EU Parliament split over electronic data protection (2008)

European Commission: Proposed revision of the Directive on electronic data protection (2007)

European Parliament: Webpage on the legislative procedure on the Directive on electronic data protection

Minimizing the Risk That E-Discovery Failures Will Create Corporate Liability (2008)

Easing e-discovery preparation by mapping enterprise data (2008)

Prepared for e-discovery: What to know about content monitoring and filtering (2008)

ISM3 Model V2.1 Overview

OCEG GRC Technology

GRC-XML Work Group Meeting on July 30, 2008

All Access Pass

Related communities

Featured OCEG Programs

GRC Fundamentals on Demand