Educause Security Discussion mailing list archives

Re: EU's GDPR - is anyone worrying/doing anything?


From: "Penn, Blake C" <blake.penn () SECURITY GATECH EDU>
Date: Wed, 30 Aug 2017 19:30:11 +0000

You don’t really need a GRC tool to track multiple compliance obligations, but it certainly can help.

Archer is, and has been, the dominant GRC tool out there but it may be a little overkill for universities and there are plenty of other GRC choices out there as well these days. Most of my former clients that used it were large enterprises who could devote several FTEs to Archer alone.

We are getting the GRC module as a part of our ServiceNow implementation, and I am curious to see how well it meets our needs.

Regards,

Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Stack
Sent: Wednesday, August 30, 2017 14:50
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] EU's GDPR - is anyone worrying/doing anything?

We had a phone call with Gartner Analyst Matt Stamper a couple weeks ago regarding GDPR and GLBA. We are going to be audited for GLBA compliance next year and I was looking to see what kind of overlap might be possible in the compliance efforts.

His main advice was to implement an IT Risk Management Solution to aid in the automated tracking of compliance and controls for all sorts of frameworks simultaneously.

This was not what I wanted to hear because GDPR is coming up in May 2018 and it could take me that long to do an RFP and acquire a software application.

Gartner sent me their Magic Quadrant of ratings for IT Risk Management solutions. I can’t share that with the group, but I see that RSA will send you a copy if you give them your contact info.

For what it’s worth, the dot representing RSA was the closest to the upper right corner on the quadrant ;-)

https://www.rsa.com/en-us/resources/gartner-magic-quadrant-for-it-risk-management

— David

David Stack
Interim Associate VP & CIO
University of Wisconsin System
dstack () uwsa edu

