Archive for the ‘Compliance’ Category

As governments across the globe continue to introduce new, or revamp their existing, data privacy regulations, having a compliance management solution in place is no longer optional for most enterprises. Before we continue, let’s first draw a distinction between a compliance management system (CMS) and a compliance management solution. A CMS is a collection of policies, procedures, and processes, which includes written documents, functions, processes, controls, and tools, all of …

The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) is a data privacy law that applies to “any person or business which owns or licenses computerized data which includes private information” of a resident of New York. The law, which came into effect on March 21, 2020, was designed to extend the existing NYDFS (NY State Information and Security Breach and Notification Act) by imposing more stringent data …

The Gramm-Leach-Bliley Act (GLBA), also known as the ‘Financial Modernization Act,’ is a United States law that was passed to ensure that financial institutions obtain consent from their data subjects before sharing their non-public personal information (NPI). Before collecting information about an individual, financial institutions must explain to their customers how they plan to use and share their information. They must also implement the necessary procedural and technical safeguards to …

In accordance with the HIPAA Breach Notification Rule, covered entities are required to notify patients (and the relevant authorities) when their protected health information (PHI) has been compromised in a way that puts their privacy at stake. If a patient’s PHI is used or disclosed in an impermissible manner, it is presumed to have been breached, unless the covered entity is able to demonstrate that there is a …

Those familiar with data security best practices will have heard of the “principle of least privilege”, under which employees and relevant stakeholders are granted only the access privileges they need to carry out their role. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has adopted a similar principle known as “The HIPAA Minimum Necessary Standard”, which is an integral part of The HIPAA Security Rule. The …

On the 1st of October, 2025, the Cybersecurity Maturity Model Certification (CMMC) will come into effect. CMMC is a cybersecurity framework that is being developed by The United States Department of Defense (DoD). What is CMMC Compliance? The purpose of CMMC is to standardize cybersecurity practices across the federal government’s defense industrial base (DIB), and to ensure that organizations that handle Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) …

What is ISO 27001? The International Organization for Standardization (ISO) consists of representatives from various national standards organizations. With the exception of acronyms, they develop and publish international standards for pretty much everything. ISO 27001 is the international standard for information security management systems (ISMS). Who does ISO 27001 apply to? One might assume that it only applies to IT companies, such as software companies and cloud service providers. However, …

The Gramm-Leach-Bliley Act of 2019 (GLBA) is a federal law in the United States of America that was constructed to improve visibility over how financial organizations share and protect customer information. It is sometimes known as the Financial Modernization Act of 2019. In short, to be GLBA compliant, financial organizations have to be more transparent with their customers about how they are sharing their sensitive information, ensure that customers …

The Sarbanes-Oxley Act of 2002 was passed by the United States Congress with the goal of providing security for consumers and the general public against corporations acting maliciously or carelessly. The general requirements of SOX compliance are geared towards ensuring that companies are transparent when it comes to financial reporting and that there are more official rules in place to prevent fraud. Adhering to SOX compliance requirements is not only …

The Criminal Justice Information Services (CJIS) is the largest division of the United States Federal Bureau of Investigation (FBI), and comprises several departments, including the National Crime Information Center (NCIC), the Integrated Automated Fingerprint Identification System (IAFIS) and the National Instant Criminal Background Check System (NICS). CJIS provides law enforcement agencies across the United States with a centralized source of criminal justice information (CJI), which can be used to …