SaaS compliance audits today are sufficiently thorough.

Governance, Risk & ComplianceRisk Management

Strongly Agree8%

Agree55%

Neither Agree nor Disagree26%

Disagree9%

Strongly Disagree

516 PARTICIPANTS
3.7k viewscircle icon1 Comment
Sort by:
Senior Director, Defense Programs in Software4 years ago

It depends what framework this is considering…
SOC? 😬
ISO 27001? 😊
FedRAMP? 😎

Lightbulb on2

Content you might like

The US Supreme Court has denied Oracle’s case that it wasn't awarded the Pentagon's $10bn winner-takes-all Joint Enterprise Defense Infrastructure (JEDI) cloud contract, which has now been replaced with the new "Joint Warfighter Cloud Capability (JWCC)” contract. The JWCC deal has now been limited to AWS and Microsoft only due to security standard requirements. Who do you think will win the final contract?

Amazon54%

Microsoft45%

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

Read More Comments

Will API security be one of your 2023 initiatives?

Yes41%

API security is a current initiative36%

No13%

Not sure yet9%

Other (please explain in the comments)

View Results

How does your cyber compliance team stay informed about new and changing regulations impacting your organization's compliance? Additionally, how are cyber compliance teams tracking, measuring and reporting on internal compliance?

Read More Comments

‘AI’ Business Model – With many components flowing into the AI domain (cost, data, E&C, people, value, strategy, duplication of everything, etc.), I’ve started to think about splitting out ‘AI’ from the operating model and putting it into a separate legal entity. This way, I could manage a) risk and compliance, b) cost, c) resource allocation, d) governance, e) IP, f) revenue generation, etc.

Of course, this isn’t new in general, but I’m especially interested in how this approach could help with the ongoing challenge of ensuring compliance with data privacy and regulations related to LLMs and data access/usage over time.

My question: Is anyone else thinking about this, or has anyone already done it? I know there are examples in the literature, but I wanted to float this here for general comments and discussion.

Read More Comments