Sravish sits down with Aaron Kirkpatrick to discuss the latest security and GRC trends.
Here is what they discuss:
🏆 Showcasing GRC’s value to your organization
🤔 Handling last-minute security questionnaires
🚩 Common vendor evaluation red flags
🚀 The future of GRC in 10-20 years
Timestamps:
0:41 Why do you lean towards evidence and controls over documents and policies in the realm of GRC?
2:54 How do we make GRC more accessible, more current, and more fundable in organizations?
3:44 What are some practical tips you have to showcase the value of GRC to the rest of the organization?
7:08 When a salesperson shares a lengthy security questionnaire on a Friday morning with a deadline the same day, what goes through your mind?
8:28 What advice do you have for startups with a small team to answer security questionnaires effectively?
11:04 Are there any red flags that you commonly see when you evaluate vendors?
13:36 Despite possessing a SOC 2 certification, organizations continue to receive security questionnaires. Don’t we trust auditors?
16:12 Do you have any best practices to share for young companies pursuing their first SOC 2?
18:15 How can you get the budget for SOC 2 Type II?
19:15 Who have you worked with in the GRC industry that is a Trust Champion?
22:07 What do you think we will be doing differently 10 or 20 years from now in GRC?
Learn about aligning security and compliance to your business goals.
