The Impact of COVID-19 on Compliance
With more urgent priorities, many organizations were forced to take a risk-based approach towards compliance. How have requirements been impacted? Have any been loosened in light of the current circumstances? Below is an updated status of some of the common compliance regulations:
Business Continuity – Processing Payments Remotely
There is no better time than now to confirm which merchants are collecting payments, and how that is being done, to ensure their efforts to provide customer service are not leaving your organization exposed.
HIPAA: Common Violations and How to Avoid Them
Failure to comply with HIPAA can lead to significant financial penalties. Here are a few of the more common (and preventable!) incidents that can lead to breaches of protected health care information.
Article Higher Education
HIPAA vs. FERPA: High Level Guidance for Higher Ed
Colleges and universities maintain medical information in various ways and locations. While this personal information does indeed need to be protected, not all of those guidelines fall under HIPAA.
Overlapping Cybersecurity Frameworks and Compliance Standards
It can be helpful to take a step back from the individual checklists and shift from focusing on compliance to focusing more holistically on information security. One way to standardize and build a roadmap for your enterprise information security program is through the use of an industry cybersecurity framework.
Social Media – Defining Acceptable Use on Campus
Should employees be banned from accessing social media sites while at work? Should you be keeping track of what staff and faculty are posting and tweeting? Are they able to freely post anything on their social networks? What if it is information that pertains to your organization?
Internal Audit’s Role in Information Security
A large part of an Internal Auditor’s job is to keep current with regulatory standards, and ensure the executive level team is aware of any potential regulatory violations that could result in significant fines or losses.
Article PCI DSS
Segmentation: Recommended by 5 out of 5 QSAs
While segmentation is not a requirement of the PCI DSS, it is generally accepted as the most effective way to separate those identified in-scope systems from those that need not be involved when adhering to PCI DSS requirements.