Mind the Compliance Gap

Authored by: Kevin Hyams CPA, FCA, CFE

NIST Cybersecurity Framework (CSF) V2.0

NIST announced on February 26, 2024 that it had released Version 2.0 of its landmark Cybersecurity Framework. This is the framework's first major update since its creation in 2014.

CSF 2.0 reflects several major changes, including an expanded scope, the addition of a sixth function, Govern, and improved and expanded guidance on implementing the CSF—especially for creating profiles.

The NIST Cybersecurity Framework is based on existing standards, guidelines, and practices that help organizations better manage and reduce cybersecurity risk. It is widely used by public and private organizations of all sectors and sizes around the world. Because the CSF is a living document, NIST continues to refine and evolve it to keep pace with changing cybersecurity risks, technology, threats, and policy trends, to integrate lessons learned, and to establish best practice as common practice.

Version 2.0 of the NIST Cybersecurity Framework now explicitly aims to help all organizations manage and reduce cybersecurity risk, not just those in critical infrastructure, which were its original target audience.

NIST CSF 2.0 addresses the following functions:

  • GOVERN (GV)
  • IDENTIFY (ID)
  • PROTECT (PR)
  • DETECT (DE)
  • RESPOND (RS), and
  • RECOVER (RC)

Our offer and commitment to you

If you or a colleague are responsible for demonstrating that adequate cybersecurity protections are in place in your corporation, we would like to offer you an exclusive Zoom call/workshop to introduce you to the GRC Playbook software and Playbooks (smart Excel compliance assessment templates). You will be delighted with the ease, efficiency, and affordability of this proven solution. We are looking forward to being of service to you.

UK Bribery Act (UKBA)

What does the Act require?

The Act creates three offences that can be committed by any person, individual or corporate: a general offence of bribing, a general offence of being bribed, and an offence of bribing a foreign public official (together, the Principal Offences); and

A corporate offence of failing to prevent bribery by persons who perform services "for or on behalf of" a relevant commercial organisation (associated persons), known as the Failure to Prevent Offence.

A Principal Offence is committed when a person (individual or corporate) either (i) offers, promises or gives to another person, or (ii) requests, agrees to receive or accepts, a financial or other advantage, intending to procure or reward the improper performance of a "relevant function" by any person.

What are the potential consequences of non-compliance?

Companies (conviction on indictment)

Unlimited fine. Further potential consequences: a) a contract obtained as a result of a bribery offence is likely to be found void on grounds of public policy; b) perpetual debarment from competing for public contracts.

Individuals (conviction on indictment)

Imprisonment for up to ten years or an unlimited fine or both.

What do you need to do to protect your company?

The Act explicitly provides a full defence: an organisation escapes liability for the Failure to Prevent Offence if it can prove that, despite the particular instance of bribery, it had adequate procedures in place designed to prevent persons associated with it from bribing.

Our offer and commitment to you

If you or a colleague are responsible for demonstrating that adequate anti-bribery protections are in place in your corporation, we would like to offer you an exclusive Zoom call/workshop to introduce you to the GRC Playbook software and Playbooks (smart Excel compliance assessment templates). You will be delighted with the ease, efficiency, and affordability of this proven solution. We are looking forward to being of service to you.

Cybersecurity (including Ransomware)

Cyber threats continue to grow in volume and sophistication worldwide. The ongoing challenge is exemplified in a recent report from Forbes: "The cybersecurity landscape is constantly evolving, sometimes in new and unexpected ways. Defenders, often with limited resources, have the monumental task of keeping up." According to the UK National Cyber Security Centre, "Ransomware is the biggest cyber security challenge facing the UK today and the models used by criminals have been honed and strengthened over time."

Executive management, boards, investors, and regulators are demanding that defensible cybersecurity procedures be put in place and maintained to address and mitigate the cybersecurity risks their corporations face.

Safeguarding your resources and reputation is now a growing line item in operating budgets.

Government agencies in the US, Canada, the UK, and Australia publish ongoing Joint Cybersecurity Advisories, frameworks, and regulatory guidance to help organizations reduce cybersecurity risk. These authoritative sources include, for example:

In the US – the National Institute of Standards and Technology (NIST), the Federal Financial Institutions Examination Council (FFIEC), the Department of Defense (DoD), the SEC's Office of Compliance Inspections and Examinations (OCIE), the New York Department of Financial Services (NYDFS), Gramm-Leach-Bliley Act (GLBA) and the Federal Trade Commission (FTC).

In Canada – the Canadian Centre for Cyber Security (CCCS)

In the UK – the National Cyber Security Centre (NCSC-UK)

In Australia – the Australian Cyber Security Centre (ACSC)

Our offer and commitment to you

If you or a colleague are responsible for demonstrating that adequate cybersecurity (including ransomware) protections are in place in your corporation, we would like to offer you an exclusive Zoom call/workshop to introduce you to the GRC Playbook software and Playbooks (smart Excel compliance assessment templates). You will be delighted with the ease, efficiency, and affordability of this proven solution. We are looking forward to being of service to you.