Welcome to the Compliance topic!

Collaborate, contribute, consume and create knowledge around compliance with topics such as regulatory (Dodd-Frank, SSAE16, PCI, etc.), and activity used to comply with these topics.

This Topic Has:
661 Members
3 Online
10195 Visits

Discussions: 50 total

Hello, Has anyone implemented Compliance Forge - Digital Security Program (DSP)? My interest is in its structured policies, standards and procedures aligned with major security frameworks, as well as KPI and KRI. Thank you for your input.
Joyce | 7/31/2017 2:39:33 PM | COMMENTS(1)
As businesses broaden in scope and relevant regulations, laws, and internal policies and procedures play a major role in operational constraints and opportunities. Given that Information Technology resources and record sources are increasingly widespread a...
Ralph498 | 12/20/2016 9:10:02 AM | COMMENTS(0)
Hello All, Can anyone suggest a good Compliance Management (both internal / external compliance requirements) tool offered as a SaaS model (Cloud)?  The work flow would be  1. Identify requirements (Contractual / security / legal / continuity / HR etc) ...
Bala Ramanan | 12/20/2016 9:08:10 AM | COMMENTS(1)
Do you have a view on the UK government's Cyber Essentials scheme? I'm conducting an MSc research project to assess the awareness of the UK government's Cyber Essentials scheme; this aims to establish how it is working in practice. The outcome is to propo...
Andy542 | 9/25/2016 6:24:01 AM | COMMENTS(0)
Has anyone come across an "outcomes-based approach" (as opposed to the usual controls-based approach)?
Phil Green | 4/12/2016 6:50:37 AM | COMMENTS(1)
Good afternoon all, What is your opinion in respect of the date in the copyright notice of a website, more specifically as to whether one should include the date when the website was originally published as in "(c) 2000 - 2016 ABC Limited" or just leave i...
Robert271 | 3/16/2016 9:40:25 AM | COMMENTS(0)

Documents & Publications: 17 total


Events & Online Learning: 9 total

21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
The Latin American CACS/ISRM Conference
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM, the leading European conference for IT audit, assurance, security and risk professionals.
16 Aug 2017
ISACA International Event
Grapevine, Texas, US
2017 GRC Conference - 16-18 August, Grapevine, TX. Explore the future of Governance Risk and Control through expert-led workshops and sessions developed by the IIA and ISACA. Register early for our GRC learning tracks.

Journal Articles: 55 total

Volume 2, 2017
by Ed Gelbstein, Ph.D.
Every organization tries to formalize aspects of its culture through policies. These policies define what is expected of members of the workforce and describe how noncompliance is dealt with.
Volume 2, 2017
by Brent Michel, CISA
Penetration (pen) tests are critical to operating and maintaining an effective information security program.
Volume 6, 2016
by Eva Sweet, CISA, CISM
What are the benefits and impacts of the GDPR on enterprises that are in the EU and those that are outside of the EU and doing business with EU nations?
Volume 6, 2016
by Ilya Kabanov, Ph.D.
On 4 May 2016, after four years in the making, the European Union (EU) General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union and officially set an application date.
Volume 6, 2016
During the past 30 years, enterprises have been embracing new methods to transform their operations to use IT and related technology to provide a higher level of customer service.
Volume 6, 2016
by Shirali Vyas, CA, ICAI
The 2008 financial crisis and its cascading effects have made it necessary to redefine the supplier risk management norms.

Wikis: 2 total

Blog Posts: 74 total

295 days from the time I am writing these words is the beginning of enforcement for GDPR. By the time this is posted to the Web, that number will be smaller. There will be fewer days still once you read this. Time is a funny thing. But these words are ...
Posted By : HPMahan | 0 comments
Recently while reading through various cyber security threat feeds, I ran across a very interesting article describing ways to protect your identity and personal data.  In the article the author discussed "Understanding your data-protection and privacy ri...
Posted By : James948 | 0 comments
The PCI Council has announced some new information on the upcoming version of PCI - Version 3.2.  Find out the latest here: http:/
Posted By : Stewart141 | 1 comments
Lately I have received a number of questions and concerns around NIST 800-171 so I wanted to write a quick brief on what you need to know. What is NIST 800-171? This is a special publication released by the National Institute of Standards and Technology (NI...
Posted By : Justin238 | 1 comments
The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) was adopted by the European Union on 23 July 2014 and entered into force on 17.09.2014. The rules on trust ...
Posted By : Julian075 | 0 comments
In-house IT management. Keeping the entire IT structure in-house, with no outsourcing, can lead to an accumulation of problems that are difficult for a single organization to handle. Partnerships with counterparts. When working on a joint project with a...
Posted By : Gladys789 | 0 comments