Compliance Standards Archives | Page 13 of 82

How San José Is Using the NIST AI RMF to Build Trustworthy AI

by RSI Security November 24, 2025November 27, 2025

As artificial intelligence (AI) becomes increasingly embedded in government operations, cities across the U.S. face a critical challenge: ensuring these systems remain fair, safe, transparent, and trustworthy. The City of San José, California, one of the country’s leading technology hubs, has emerged as an early model for responsible public-sector AI. San José is one of the first municipalities to formally evaluate its AI programs using the NIST AI Risk Management Framework (AI RMF). Through a collaboration with the National Institute of Standards and Technology, the city applied the AI RMF to assess its AI governance maturity, identify risks, and strengthen safeguards across all AI-related activities.

This NIST AI RMF case study reveals not only what San José is doing well, but also where public-sector organizations must continue improving to deploy trustworthy, risk-aware AI systems.

November 24, 2025November 27, 2025 0 comment

SOC 2

Who Needs SOC 2 Compliance?

by RSI Security November 19, 2025November 19, 2025

written by RSI Security

If you’re unsure whether SOC 2 compliance is necessary for your organization, ask yourself the following:

Industry requirements: Which industries and niches specifically require SOC 2 compliance?
Report types: Which type of SOC 2 report, Type I or Type II, best fits your needs?
SOC framework differences: How does SOC 2 differ from SOC 1 and SOC 3?

Other Compliance frameworks: Are there other SOC or security frameworks that might apply to your organization?

November 19, 2025November 19, 2025 0 comment

NIST AI RMF

Generative Artificial Intelligence Risk & NIST AI RMF

by RSI Security November 17, 2025November 18, 2025

written by RSI Security

Generative Artificial Intelligence offers organizations across industries significant productivity and efficiency gains, but it also introduces new risks. The NIST AI RMF (AI Risk Management Framework) provides a structured approach to identify, assess, and mitigate these risks while maximizing the benefits of generative AI.
Is your organization prepared for secure and compliant AI adoption? Schedule a consultation today to ensure your AI initiatives are safe, responsible, and aligned with industry standards.

November 17, 2025November 18, 2025 0 comment

NIST AI RMF

Roadmap to Achieving NIST AI RMF

by RSI Security November 14, 2025December 2, 2025

written by RSI Security

Organizations embracing artificial intelligence (AI) to streamline operations must also prepare for the unique risks it. The NIST AI Risk Management Framework (AI RMF) provides a structured, trustworthy approach to identifying, evaluating, and mitigating these risks across the AI lifecycle. Implementing this framework helps internal teams establish clear governance and gives external stakeholders confidence in your organization’s responsible AI practices.

Is your organization ready to align with the NIST AI Risk Management Framework? Schedule a consultation to get started.

November 14, 2025December 2, 2025 0 comment

SOC 2

10 Common Questions About SOC 2 Compliance

by RSI Security November 13, 2025November 20, 2025

written by RSI Security

SOC 2 Compliance is a critical standard for service-oriented businesses aiming to protect client data and build trust. Developed by the American Institute of CPAs (AICPA), SOC 2 provides a framework for managing and securing sensitive information. While achieving SOC 2 compliance can seem complex, understanding its requirements is essential for safeguarding data, meeting client expectations, and demonstrating a strong commitment to cybersecurity.

November 13, 2025November 20, 2025 0 comment

SOC 2

Who Needs to be SOC 2 Compliant?

by RSI Security November 11, 2025November 20, 2025

written by RSI Security

Depending on your business and the type of data you handle, you may need to be SOC 2 compliant to meet the security standards set by the American Institute of CPAs (AICPA). SOC reports, SOC 1, SOC 2, and SOC 3, apply mainly to service organizations that store, process, or manage customer data.

So, who exactly needs to be SOC 2 compliant, and what does SOC 2 cover? Keep reading to find out everything you need to know about SOC 2 compliance and how it protects sensitive data

November 11, 2025November 20, 2025 0 comment

HIPAA / Healthcare Industry

What is the HIPAA Minimum Necessary Rule?

by RSI Security November 11, 2025December 23, 2025

written by RSI Security

The HIPAA Privacy Rule ensures that healthcare professionals and auxiliary providers protect patient information by limiting who can access it. One of its key requirements, the minimum necessary HIPAA Rule, mandates that only the minimum amount of patient data needed for a specific task is shared or used. This principle forms the foundation for safeguarding sensitive health information and maintaining patient trust.

November 11, 2025December 23, 2025 0 comment

SOC 2

What are the SOC 2 Controls?

by RSI Security November 10, 2025November 20, 2025

written by RSI Security

Service organizations pursue SOC reports to demonstrate to clients that their data is handled securely. SOC 2 reports specifically assess a company’s adherence to the five Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality, and privacy. These criteria, established by the American Institute of Certified Public Accountants (AICPA), form the foundation for SOC 2 controls that guide audit and reporting processes. Unlike a simple checklist, the TSC provides a framework that ensures organizations implement effective controls to protect client data.

November 10, 2025November 20, 2025 0 comment

ISO 42001

AI Risk Management and the ISO/IEC 42001 Framework

by RSI Security November 4, 2025November 5, 2025

written by RSI Security

Organizations leveraging AI for automation and generative tasks need robust AI risk management, and that starts with ISO 42001. Implementing the ISO/IEC42001:2023 framework helps ensure your AI tools and systems are secure, compliant, and trustworthy for clients and partners. Wondering if your organization’s AI governance meets best practices? Request a consultation to assess your compliance today.

November 4, 2025November 5, 2025 0 comment

HIPAA / Healthcare Industry

The Do’s and Don’ts of Preparing for HIPAA

by RSI Security November 2, 2025November 27, 2025

written by RSI Security

As a medical or health care provider, staying compliant with federal regulations is one of the most important—and often most stressful, parts of protecting your patients’ rights. Federal, state, and local agencies regularly introduce new rules that affect how your practice operates. Failing to follow these requirements can lead to severe financial penalties and increased risk exposure. In this guide, we’ll focus on the Health Insurance Portability and Accountability Act (HIPAA), one of the most critical frameworks for safeguarding patients’ Personal Health Information (PHI). Understanding what should be included in a HIPAA compliance checklist can help you avoid common mistakes and strengthen your overall security posture.

HIPAA requirements apply differently depending on the type of medical practice or covered entity. Without the right knowledge, it’s easy to overlook essential safeguards. According to the Department of Health and Human Services (HHS), the agency responsible for enforcing HIPAA violations were found in 69% of the compliance issues they investigated.

These numbers reveal a simple truth: many medical providers are not fully prepared for HIPAA compliance. So the question becomes, do you know what it takes to ensure your HIPAA compliance checklist is complete and up to date?

Read on to learn the most important do’s and don’ts of HIPAA compliance, and how you can better prepare your organization to meet evolving regulatory requirements.

Continue Reading

November 2, 2025November 27, 2025 1 comment