case studies.

Over the past decade I have helped a number of clients and employers with complex undertakings in information risk. Here are some simple case studies.

IT compliance at a Japanese bank

2018.08.22

Instituting the ITIL functions of incident management and change management at a Japanese bank.

agile in a regulated environment

2018.09.29

Agile software delivery is about quick increments of software, while regulated environments like checks and controls. Reconciling them is the trick.

obtaining SOC-2 reports at a technology vendor

2018.08.23

A technology & service provider can have great products and still get nowhere because the clients lack trust. An enterprise risk function can overcome this through tangible results such as SO

implementing PHI de-identification

2018.08.23

US-based multinational specializing in health information required a data anonymization process to replace a legacy system.

SDLC in a regulated environment

2018.08.24

Regulated industries cannot tolerate failed software releases. For a software vendor in a regulated industry, the challenge is to deliver software with new functionality, yet not impact the s

writing a risk manual for a non-profit

2019.07.21

I wrote a manual on risk management for non-profits that makes optimal use of common organization structures and avoids common risk management mistakes.

third party risk

2017.04.22

This guide on third party risk was written towards controlling a range of risks can possibly arise from the outsourcing of core functions