September 11, 2018

Understanding Bowtie Risk Visualization

Bowtie risk visualization and Critical Control Effectiveness monitoring work hand-in-hand. Unlike traditional risk evaluation tools, the bowtie method makes the direct link between risk, controls and the management system to implement these. Risk and critical control effectiveness The Critical Control Effectiveness Monitoring (CCEM) process is based on a comprehensive baseline risk assessment conducted across the site to identify ‘Priority Unwanted […]
October 18, 2016

Why ‘Best Practice’ is sometimes not enough

  By Paul de Kock Best practice is a fluid concept, especially in the rapidly evolving Governance, Risk and Compliance (GRC) landscape. You often hear about ‘best practice’ when it comes to implementing GRC solutions. Too often, though, the idea of ‘best practice’ is driven by what suits the vendors, rather than what is in the customer’s best interests. What […]