As ever-increasing numbers of data breaches of unprecedented size continue to occur and evermore regulations are mandating good security practices, it seems companies are being asked to demonstrate security controls and compliance to an ever-increasing number of interested parties. These requests for information (RFI) come in many forms, including questionnaires, requests for proposal (RFP) and even on-site audits. Managing and responding to these requests can often feel like a frustrating, disjointed and muddled process, especially when approached as a series of one-off requests or projects instead of part of business-as-usual.
This presentation will provide 5 keys to turning your company’s security audit and RFI scavenger hunt into an efficient and measurable process using lessons learned from over 10 years of experience at public and private companies in highly-regulated industries.
- Suggestions for getting organized using tools your company already owns
- Ways to make the process repeatable…and fast
- Tips for providing the information the auditor really wants
- Options for process measurement and reporting
About Tennelle Anderson
Tennelle has over 16 years of experience in information security, audit and compliance roles, including 10 years creating, leading and transforming security, compliance and audit programs and teams at public and private companies in highly-regulated industries. Tennelle’s previous experience has focused on providing companies with a competitive advantage by creating a framework for the proactive assessment and treatment of compliance and security risks and the organized and timely resolution of security and compliance deficiencies. In addition, Tennelle has effectively balanced the management of a number of varied security and compliance requirements and frameworks, including ISO 27001:2005 & 2013, PCI-DSS, HIPAA Security Rule, Safe Harbor/EU Data Privacy Directive, SAS70/SOC2, and Sarbanes-Oxley (SOX). Tennelle currently holds CISSP, CISA and CPA certifications.