2024 Connect Agenda

Celebrate the power of connection and collaboration within our community, as we reflect on the achievements and milestones of the past year and acknowledge the collective efforts that have contributed to the success of our our customers.

Speakers:

Chris Pantaenius, Co-founder & CEO

Michelle Randall, CMO

Gain an in-depth overview of Onspring’s software innovation roadmap, highlighting the company’s vision, strategic approach, and key initiatives. We will delve into the core principles that drive Onspring’s innovation strategy, emphasizing the company’s commitment to customer-centricity, collaboration, and continuous improvement.

Hear insights on the company’s research and development efforts, including how Osnpring leverages emerging technologies to create innovative solutions that address real-world challenges. Leave with plans to enhance your Onspring instance and take advantage of new use cases arriving in the near future.

Learning Objectives: 

• • New platform features & products rolling out in the next 12-24 mos. 
  • Debut of new products & how you can leverage in your existing Onspring instance

Speakers:

Brett Sommers, Director, Product

Ryan Lougheed, Director, Platform

Layered amid ‘90s hip-hop references and neuroscience stats, best-selling author Julie Brown discovered something interesting: Business executives across industries overwhelmingly agree that strong and effective relationships are essential to personal and business success, yet only 24% of companies have a plan to foster and manage relationships. She’s here to make sure YOU have a plan and the down lo’ on how to prepare for every kind of meeting and enter any networking event with confidence and maybe some rizz.

You’ll get her IRL secrets for:

• • How to approach people and groups without making it weird
  • How to skip the small talk and ask big questions
  • How to follow up in ways that bring your working relationships to the next level

Presenter: 

Julie Brown, Speaker, Author, Podcast Host

Asureti’s team of GRC professionals collaborate with clients to tailor controls and policies to their specific needs, ensuring readiness and maturity in compliance practices. By leveraging their experience, Asureti streamlines processes by integrating controls into system-managed (Onspring) workflows for record-keeping and reporting.

Asureti’s approach focuses on establishing a common set of controls that apply consistently across multiple lines of business and applications within an organization. While the controls remain the same, the ownership and evidence collection may vary. As organizations grow, the ownership of controls expands, necessitating a more efficient way to manage testing and evidence collection. Asureti addressed this challenge by developing a new application to use with the Controls functionality within Onspring to associate one control record with multiple lines of business, applications, and systems, thus reducing redundancy and ensuring consistency.

The common controls application developed by Asureti simplifies the tracking and testing of controls by enabling the rapid generation of evidence requests and through easy training for users. Dashboards are included to allow stakeholders to monitor common controls by lines of business, system, and owner. This solution is particularly beneficial for organizations with common controls that span multiple businesses or applications, have different owners, and require varied evidence collection. Importantly, the solution seamlessly integrates with the existing Control application, making it easy to implement and remove if needed.

Presenters: 

Ron Cluckey, GRC Solutions Senior Consultant

Brandi Lawson, Director of Client Services

Vendor questionnaires. They’re time-consuming, quasi-accurate, and everyone loathes them. That’s why the University of Kansas Health System was looking for a more sophisticated approach as well as a comprehensive view of third-party vendor risk to make proactive decisions for patient safety. More than just third-party ratings, they wanted actionable insights to improve their security posture. See how they combined third-party vendor data with the FAIR risk methodology in Onspring to look for vendors prone to ransomware, to immediately activate remediation plans, and to avoid production, reputation, and financial loss with their policies.

Learning Objectives: 

• • How to get instantaneous visibility of third parties and their security postures
  • How to incorporate the FAIR risk methodology into your third-party risk management program
  • How to achieve more by gaining buy-in from executive stakeholders

Presenters: 

Megan Loescher, Senior Cloud Security Analyst

Jennifer Blackburn, GISF, CDPSE, Cybersecurity Analyst

Adopting Artificial Intelligence (AI), notably Large Language Models (LLMs), into Third-Party Risk Management (TPRM) transforms risk handling by enhancing data analysis, streamlining compliance, and improving decision-making. In this presentation, we will discuss the how integrating AI into your TPRM practice with Onspring can assist with efficiency, risk management, and strategic insight, balancing innovation with ethical and regulatory considerations. The presentation will include live demonstrations of how AI is integrated directly into the Onspring platform.

Presenters: 

Andrew Gunter, Partner, GRC Consultant

Jason Rohlf, GRC Consultant

Organizations often use risk as a mechanism to decide whether or not to move ahead on a project or deploy a solution. However, what if you used risk as an ongoing tool to help you evaluate where BEST to put controls in place in your enterprise?

Come hear Doug Williams, Enterprise Risk Architect at Costco, as he explains how he has used this approach to help organizations optimize their security posture, while reducing their risk footprint. You’ll hear directly from someone who has “been there / done that” and get tips on how you can make your GRC program remarkable!

• • Practical insights to help you define “what does good look like” in your organization.
  • Strategies for reducing your risk footprint.
  • Techniques and tips on how to make your GRC program remarkable.

Presenter: 

Doug Williams, Enterprise Risk Architect, Costco

Elevate your approach to third-party risk management by harnessing the power of risk intelligence. This session will delve into how cyber risk intelligence can provide a strategic edge in proactively identifying, assessing, and mitigating risks associated with your third-party vendors. You’ll learn how to effectively incorporate risk intelligence within your TPRM strategy to enhance decision-making, improve due diligence, and proactively manage potential threats. We will cover practical applications, integration strategies, and emerging trends to help you build a resilient and informed cyber third-party risk management program.

Presenter: 

Jeffrey Wheatman, SVP, Cyber Risk Strategist

Over the last year, Onspring has delivered a variety of enhancements to our user interface. In this session we’ll look at some creative applications for these fantastic new features! Combining clever, practical configuration with effective design principles will provide a simple, “danger-free” ease of use to your end users and stakeholders. We’ll look at using recent Onspring additions like section labels, dashboard filters, and dashboard titles to align with modern web design principles that are intuitive to your users.

In this session, you will: 

• • Learn best practices for guiding your user’s experience through intelligent design
  • Explore available Onspring functionality to support efficient user experience
  • See how to integrate the newest Onspring UI offerings into existing solutions

Presenters: 

Kelly Walden, Manager, Learning Services
Kati Littleton, Senior Learning Specialist

The Onspring platform can integrate with nearly any third-party system, whether through a built-in integration, a data connector, or a custom API. Integrations help you enhance your processes in Onspring with richer data sets and to send data out of Onspring to other tools and systems where your users work. Join this session to explore integration options in Onspring—with emphasis on new capabilities and the future product roadmap.

In this session, you will: 

• • Learn about our full integration tool set, including the new Microsoft Live Editing enhancement in v30 of the Onspring platform
  • Understand decision criteria that will help you choose the integration options that are right for your organization
  • Preview a future enhancement for combining triggers and outcomes with the power of an API to retrieve and send data automatically

Presenters: 

Sarah Calhoon, Director, Client Support
Ryan Lougheed, Director, Platform
Stevan Freeborn, Senior Quality Engineer

The “Set” outcomes allow you to dynamically capture values in records based on logical conditions. For example, you can capture controls associated with selected risks or you can capture the user who performs a review or provides an approval. In v31, the “Set” outcomes will be supercharged to allow value settings with no direct user interaction. Join this training session to see how you can incorporate fully automated “Set” outcomes into your own processes with a few simple configurations.

In this session, you will: 

• • Learn the difference between “Set” outcomes based on direct user interaction and indirect/system events
  • Explore practical use cases for auto-setting Date, List, and Reference values automatically
  • Consider downstream configurations that may benefit from fully automated “Set” outcomes, such as content security rules and workflows

Presenters: 

Sarah Nord, Senior Director,  Learning Services
Kailyn Schutte, Director, Professional Services

Engaging your end-users has never been easier in Onspring, with multiple approaches and functionalities available in your toolkit. Bring your questions and ideas and talk with the professionals about how to increase your user adoption without spending time on complicated training or guides. We’ll look at the available options for quick and functional messaging (Did you know that Onspring integrates with Slack!?), when to schedule a report or dashboard, and how to get the information you need from the people who have it—all in one seamless process.

In this session, you will: 

• • Discuss strategies for attaining buy-in from end users
  • See live demos of Onspring functionality tailored to promote engagement
  • Learn which functionalities might suit your use case

Presenters: 

Kelly Walden, Manager, Learning Services
Kati Littleton, Senior Learning Specialist

In today’s interconnected business environment, managing third-party risk is more crucial than ever. This workshop will provide a comprehensive overview of best practices for effectively assessing, monitoring, and mitigating risks associated with third-party relationships.

Through interactive discussion participants will gain practical insights and explore key topics including:

• • Identifying and evaluating potential third-party risks
  • Establishing effective due diligence processes
  • Designing and implementing risk mitigation strategies
  • Leveraging technology and data analytics for ongoing risk assessment

Join us to enhance your skills in safeguarding your organization from third-party risks and to network with peers facing similar challenges.

Presenters: 

Megan Loescher, Senior Cloud Security Analyst
Jennifer Blackburn, GISF, CDPSE, Cybersecurity Analyst

We have heard from many of our clients that it is difficult to gain funding for expanding GRC initiatives. We also know how hard it is to stop “fire fighting” to focus on strategic initiatives that add value to your organization.

If this sounds familiar, then join us for a panel discussion with GRC leaders where you’ll learn how to shift from being reactive in your role to taking a proactive approach to GRC.

You’ll learn how to:

• • Create urgency around compliance initiatives.
  • Shift the dynamic in your organization to better work with stakeholders and educate them on the importance of your company’s risk stance.
  • Find time beyond “fire fighting” so you can work on strategic initiatives.
  • Build time into your week to more effectively mentor your team members.

Panelists: 

Tamika Bass, CISO, Gannett Fleming
Michael Meis, Deputy CISO, The University of Kansas Health Systems
Nichole Windholz, CISO, Onspring

Host: 

Megan Thome, Director of Brand and Content, Onspring

Here for the hot takes or the hot wings? Let’s find out during a heated discussion like no other! Inspired by the popular YouTube show “Hot Ones,” we’re bringing you cool solutions for hot situations, hosted by our very own Evan Stos, VP, Client Services.

Evan and Drew Pulitano, Director of Procurement & Contract Management of NJR Resources, will tackle your burning questions while facing some seriously spicy wings. As the heat rises, so will the intensity of this can’t-miss conversation.

What to Expect:

• • Fiery Insights: Drew and Evan will share their POVs on pressing challenges in the GRC space, from regulatory changes to risk management strategies.
  • Spicy Strategies: Hear insider recommendation on how to solve impossible asks with Onspring automation.

Warning: This session may case a burning desire to implement new strategies.

Guest: 

Drew Pulitano, Director of Procurement, New Jersey Resources

Host: 

Evan Stos, Vice President, Client Services, Onspring

We all rely on Onspring for its reporting and workflow efficiency, but PROS, a leading eCommerce optimization SaaS provider, has taken it up a notch—creating distinct automation that caters to specific requirements for its information security and compliance teams. Get the deep intel on three custom builds, how they work, and how you could adopt them into your own organization.

In this session, you learn how to build applications that allow users to:

• • Perform, track, and document Targeted Risk Analyses for PCI 4.0
  • Compare and contrast privacy regulations
  • Look up sanctions and business restrictions by country

Presenter: 

Christine Lambden, Director, Information Security and Compliance

The expectations of your organization to understand enterprise, IT, and compliance risks continue to rise, despite everything around you changing – rapidly evolving risk landscapes, complex regulatory requirements, and dynamic IT ecosystems.  Join this session to hear from an experienced GRC practitioner on how to create efficient and effective GRC programs while navigating continual change. Take in firsthand lessons and advice from successes at mid-size and large enterprises in energy and insurance.

Learning Objectives:

• • How to guide the business toward integrated and repeatable GRC processes
  • How to align and adjust GRC programs and reporting amongst various frameworks
  • How to create scalable, organization-wide efficiencies and reporting

Presenter: 

John Aaholm, GRC Technology Lead

This presentation will demonstrate, through real-world examples and practical insights, how a collaborative design process brought the Onspring Portal to life as a complementary element for third-party risk management at American Express Global Business Travel. Attendees will gain a deeper understanding of the benefits of collaborative design and the potential of the Onspring Portal to transform their organization’s approach to third-party risk management.

Learning Objectives:

• • Learn how a collaborative design process can bridge the gap between business requirements and technology solutions
  • Explore the features and functionalities of the Onspring Portal that can address third-party risk management challenges
  • Learn how to leverage the platform to streamline vendor due diligence, automate risk assessments, and centralize contract management
  • Discover how the Onspring Portal can facilitate ongoing monitoring and reporting, ensuring compliance and mitigating risks effectively

Presenters: 

Charlie Evans, Information Technology Risk & Information Security Manager, American Express Global Business Travel

Sarah Nord, Senior Director, Learning & Implementation Services, Onspring

You know what Onspring would do for other departments in your organization, but they don’t. Join us to learn effective strategies for demonstrating the value of the Onspring platform to both new and seasoned stakeholders from the third-largest retailer in the world, Costco. From developing the roadmap to leveraging a new outpouring of data, you’ll hear the first-hard experience of their collaboration with the Professional Services team to develop and secure leadership buy-in and manage organizational growth through the platform.

Learning Objectives:

• • Insights into partnering with Onspring’s Professional Services team to enhance platform data.
  • Strategies for leveraging initial buy-in to expand and integrate business processes.
  • Techniques for re-proving the value of Onspring to new stakeholders and during leadership transitions.

Presenters: 

Megan Kilner, Manager, Security Compliance, Costco
Michael Stockert, Senior Professional Services Consultant, Onspring

Have you started in an organization that was already using Onspring? Do you need to quickly catch up to get your GRC program working more effectively? If so, this session is for you!

Join Suzy Jones, Lead Analyst at Caesars Entertainment and Ryan Lougheed, Director of Product Management at Onspring for a fireside chat.

Learning Objectives: 

• • Discover five actionable tips to assist you in your on-boarding journey.
  • Learn how you can get up-to-speed fast when you’re unfamiliar with a new tool and how you can leverage Onspring resources for help as needed.
  • If you’re looking to re-demonstrate the value of a new tool, you’ll also get tips for presenting key data to stakeholders to ensure a cohesive GRC program.

Presenters: 

Suzy Jones, Lead Analyst, Caesars Entertainment
Ryan Lougheed, Director of Product Management, Onspring

Do you find it challenging to communicate cyber risk to business leaders? Cyber risks are oftentimes communicated in a traditional heat map or red/yellow/green format with technical terms that are difficult to understand. This can lead to confusion and ambiguity in helping business leaders decide where to prioritize their time, personnel and budgets to mitigate cyber risks.

In this session, we’ll discuss approaches to communicate cyber risk in economic terms. We’ll also explore ways to prepare for potential cyber incidents through financial and non-financial materiality analysis and applicability to SEC Cybersecurity Disclosure Rules. Lastly, we’ll show examples of how you can incorporate cyber economic risk data into the Onspring GRC software platform to help prioritize cyber issue remediation activities.

Presenter: 

Josh Reid, Principal, GRC Technologies Leader, Crowe

Sally Delp at Pennsylvania Lumbermens Mutual Insurance Company (PLM) had a daunting challenge at the beginning of 2023 – understand the existing vendor management solution from Onspring and then mesh PLM’s current processes with the solution’s configuration to build a custom application. This required changes to both the vendor management application and PLM’s process. Adding to the challenges, Sally had to tailor the solution to her needs – without the comfort of leveraging professional services or adding budget to her department.

During this session, you’ll get a real-world example of what it takes to build a custom application from the ground up and learn from Sally’s missteps and ultimately, her success. Leave this session with actionable insights on how you can implement controls for your company’s employees or even build a custom application, leveraging Onspring’s system.

Learning Objectives:

• • Better control and manage annual SOC reviews
  • Build stakeholder buy-in throughout the process of implementing a new system
  • Tailor and adapt Onspring to your organization’s specific needs
  • Overcome challenges when things don’t work as planned
  • Implement a solution that has others in your business thinking “wow, how did she do that?”

Presenters: 

Sally Delp, IT Governance Analyst, Pennsylvania Lumbermens Mutual Insurance Company

Bri Hurst, Sr Director, Client Development, Onspring

Whether you’re implementing Onspring for the first time or you’re a seasoned pro, you’re never alone. The Onspring team is here for you! Join this session to explore the wide array of tools, resources, and services that are at your fingertips to help you achieve your goals.

In this session, you will:

• • Explore our full range of services, from point-in-time support to longer-term implementations
  • Understand your training toolkit, from live classes to on-demand content
  • Share your feedback on services and resources that would fuel your Onspring objectives

Presenters: 

Evan Stos, Vice President, Client Services
Sarah Nord, Senior Director, Learning & Implementation Services
Kailyn Schutte, Director, Professional Services
Sarah Calhoon, Director, Client Support

Engaging your end-users has never been easier in Onspring, with multiple approaches and functionalities available in your toolkit. Bring your questions and ideas and talk with the professionals about how to increase your user adoption without spending time on complicated training or guides. We’ll look at the available options for quick and functional messaging (Did you know that Onspring integrates with Slack!?), when to schedule a report or dashboard, and how to get the information you need from the people who have it—all in one seamless process.

In this session, you will: 

• • Discuss strategies for attaining buy-in from end users
  • See live demos of Onspring functionality tailored to promote engagement
  • Learn which functionalities might suit your use case

Presenters: 

Kelly Walden, Manager, Learning Services
Kati Littleton, Senior Learning Specialist

The “Set” outcomes allow you to dynamically capture values in records based on logical conditions. For example, you can capture controls associated with selected risks or you can capture the user who performs a review or provides an approval. In v31, the “Set” outcomes will be supercharged to allow value settings with no direct user interaction. Join this training session to see how you can incorporate fully automated “Set” outcomes into your own processes with a few simple configurations.

In this session, you will: 

• • Learn the difference between “Set” outcomes based on direct user interaction and indirect/system events
  • Explore practical use cases for auto-setting Date, List, and Reference values automatically
  • Consider downstream configurations that may benefit from fully automated “Set” outcomes, such as content security rules and workflows

Presenters: 

Sarah Nord, Senior Director,  Learning Services
Kailyn Schutte, Director, Professional Services

The Onspring platform can integrate with nearly any third-party system, whether through a built-in integration, a data connector, or a custom API. Integrations help you enhance your processes in Onspring with richer data sets and to send data out of Onspring to other tools and systems where your users work. Join this session to explore integration options in Onspring—with emphasis on new capabilities and the future product roadmap.

In this session, you will: 

• • Learn about our full integration tool set, including the new Microsoft Live Editing enhancement in v30 of the Onspring platform
  • Understand decision criteria that will help you choose the integration options that are right for your organization
  • Preview a future enhancement for combining triggers and outcomes with the power of an API to retrieve and send data automatically

Presenters: 

Sarah Calhoon, Director, Client Support
Ryan Lougheed, Director, Platform
Stevan Freeborn, Senior Quality Engineer

Over the last year, Onspring has delivered a variety of enhancements to our user interface. In this session we’ll look at some creative applications for these fantastic new features! Combining clever, practical configuration with effective design principles will provide a simple, “danger-free” ease of use to your end users and stakeholders. We’ll look at using recent Onspring additions like section labels, dashboard filters, and dashboard titles to align with modern web design principles that are intuitive to your users.

In this session, you will: 

• • Learn best practices for guiding your user’s experience through intelligent design
  • Explore available Onspring functionality to support efficient user experience
  • See how to integrate the newest Onspring UI offerings into existing solutions

Presenters: 

Kelly Walden, Manager, Learning Services
Kati Littleton, Senior Learning Specialist

Join a lively discussion chock-full of quick-win ideas Christine at PROS used to create unique views, fix user glitches, and solve random requests in Onspring for her team and users at large.

Presenter: 

Christine Lambden, Director, Information Security and Compliance

You’ve been able to move beyond constant “react and fix” and on to elevating your GRC program so that your organization understands your risk posture and its importance in protecting your company. So, now what?

If you’re wondering what the next step might be, join us for insights from executives who have “been there, done that.”

Learning objectives:

• • Discover what you should be paying attention to now and how that will pay dividends in the future.
  • Understand how you can sort through the firestorm of AI vs. the reality of how it can be used.
  • Create a GRC roadmap that integrates with your company’s key objectives.
  • Hear what’s top of mind for GRC leaders and their approaches to new and evolving risks.

Panelists: 

David Johnson, Director, CBRE Investments
James Baird, CISO, GoTo Foods
Leslie McGuirk, VP Financial Compliance, Warner Bros Discovery

Host: 

Michelle Randall, Vice President, Marketing, Onspring