Brian Tremblay, Onapsis Compliance Practice Leader, joins Security & Compliance Weekly to talk about how misconfigurations and vulnerabilities in your mission-critical applications can lead to compliance problems and the need for organizations to adopt a process of continuous compliance. As a former auditor, Brian understands the best practices leaders can use to identify, monitor and mitigate compliance risks. Watch the full podcast episode below with Security Weekly to learn more.

About the Author
Brian Tremblay leads Onapsis’s Compliance Practice, drawing on over 20 years of experience in internal audit and risk management. As a former Chief Audit Executive, he brings hands-on expertise in preparing organizations for public offerings and implementing critical frameworks like SOX and GDPR. Brian’s deep knowledge of IT General Controls and regulatory compliance enables him to guide customers on mitigating risks related to their business-critical applications. His background at global companies like Raytheon and Deloitte establishes him as a trusted authority on audit-ready SAP systems and bridging the gap between security and compliance.
