
New Compliance Guide Available: ISO/IEC 27001:2022 on AWS

AWS has released a new compliance guide titled “ISO/IEC 27001:2022 on AWS,” which offers practical guidance for organizations implementing an Information Security Management System (ISMS) using AWS services. The guide helps align cloud environments with the ISO/IEC 27001:2022 standard, detailing how to integrate AWS security controls, manage governance and risks, and prepare for certification audits by leveraging AWS security, monitoring, and automation capabilities.

https://aws.amazon.com/blogs/security/new-compliance-guide-available-iso-iec-270012022-on-aws-compliance-guide/

14 Risk Oversight Principles You Haven’t Heard Before

Protiviti’s Jim DeLoach presents 14 lesser-known principles of risk oversight aimed at enhancing enterprise risk management (ERM) effectiveness, emphasizing continuous improvement in risk reporting, integration of risk processes into business operations, and adapting to digital transformation. He stresses the importance of balancing risk and opportunity, fostering collaboration across organizational levels, making timely decisions with imperfect information, and cultivating a culture of open risk discussions, all to better prepare organizations for uncertainty and align risk management with strategic goals.

https://www.corporatecomplianceinsights.com/14-risk-oversight-principles-you-have-not-heard-before/

Back to Basics: 14 Risk Oversight Rules You Know (But May Be Ignoring)

Jim DeLoach outlines 14 fundamental risk oversight principles that remain crucial despite advances in digital tools, emphasizing that risk management must be aligned with strategy and adapt continuously to a rapidly changing environment. He highlights the importance of understanding calculated risks, vigilance against cognitive biases, preparation for contingencies, and maintaining strong culture and communication to effectively manage critical enterprise risks and ensure organizational resilience.

https://www.corporatecomplianceinsights.com/risk-oversight-rules-you-know/

Ten Things to Ask Your IT Team About NIS2 Compliance

The article discusses the key areas organizations must address to ensure compliance with the EU's NIS2 directive, which mandates robust cybersecurity governance and resilience. It highlights ten critical focus points including risk analysis, incident handling, business continuity, supply chain security, and the importance of continuous evidence gathering and proper IT tools. The article emphasizes that leadership must proactively oversee cybersecurity measures to meet strict regulatory requirements and maintain business continuity in the face of threats.

https://www.kaseya.com/blog/nis2-compliance/

CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert following a cyberattack on U.S.-based medical technology firm Stryker Corporation targeting their Microsoft environment. CISA urges organizations to harden endpoint management system configurations by implementing Microsoft’s best practices for securing Microsoft Intune, including least privilege administrative roles, phishing-resistant multi-factor authentication, and multi-admin approval policies, to protect against similar malicious activities.

https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization

Focus Areas When Implementing Data Protection by Design and by Default in 2026

Data protection by design and by default, a key principle of the EU GDPR, remains inconsistently implemented nearly a decade after its adoption, requiring organizations to consider four main factors—state of the art, cost of implementation, processing context, and risks to individuals—for effective compliance. In 2026, evolving technologies and regulations, especially concerning AI, demand a dynamic, risk-based approach that integrates ongoing assessment and adaptation of technical and organizational measures from the system design stage through deployment to safeguard personal data and uphold individuals' rights.

https://iapp.org/news/a/focus-areas-when-implementing-data-protection-by-design-and-by-default-in-2026

Stop Building Security Goals Around Controls

Devin Rudnicki, CISO at Fitch Group, emphasizes that security goals should be aligned with business outcomes rather than focused solely on controls, advocating for strategies anchored in corporate objectives, real cyber threats, and industry standards. She highlights three key metrics for security programs—value, risk, and maturity—and stresses the importance of presenting risk in actionable terms for leadership, balancing innovation speed with measured risk, and using automation to free human resources for higher-value work.

https://www.helpnetsecurity.com/2026/03/18/devin-rudnicki-fitch-group-ciso-business-alignment/

Autonomous AI Agents and the GDPR: First Detailed Spanish Regulatory Guidance Sets the Bar

The Spanish Data Protection Agency (AEPD) has published the first detailed regulatory guidance on autonomous AI agents under the GDPR, addressing challenges posed by AI systems that independently plan, reason, and execute tasks with limited human oversight. This guidance highlights critical compliance issues, including defining controller and processor roles, transparency obligations, data minimization, automated decision-making risks, and the need for thorough risk assessments, setting a precedent that extends beyond Spain and is relevant for all organizations deploying agentic AI in personal data processing.

https://technologyquotient.freshfields.com/post/102mmys/autonomous-ai-agents-and-the-gdpr-first-detailed-spanish-regulatory-guidance-set

Cyber Enforcement – When an Incident Is Just the Tip of the Iceberg

The article explains that recent UK enforcement trends show cyber incidents often expose broader compliance failures, making the reported breach only the starting point for regulatory scrutiny. Regulators increasingly focus on security weaknesses, governance gaps, and data-handling practices across the organization, especially after cyberattacks. Fines have risen, and enforcement actions target private-sector companies with inadequate safeguards. The article concludes that organizations must treat cyber resilience, contractual risk allocation, and data protection controls as ongoing obligations because investigations can extend beyond the original incident to encompass broader operational and legal failings.

https://www.slaughterandmay.com/insights/new-insights/cyber-enforcement-when-an-incident-is-just-the-tip-of-the-iceberg/

Scale Computing™ Simplifies PCI DSS Readiness With New Compliance Self-Assessment Tool

Scale Computing announced the release of its new PCI DSS Compliance Self-Assessment Tool, part of the SC//AcuVigil™ managed network services. The tool helps organizations evaluate their security posture and PCI DSS readiness across all locations and vendors. It provides a personalized report summarizing strengths, potential risks, and actionable recommendations to improve audit outcomes and strengthen security.

https://www.prnewswire.com/news-releases/scale-computing-simplifies-pci-dss-readiness-with-new-compliance-self-assessment-tool-302706290.html