Data protection is already confusing, and the confusion is compounded by the fact that regulators constantly play a game of catch-up with emerging technologies.
Category: Compliance Standards
Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.
-

Avoiding the Maximum Fine For GDPR Non-Compliance
When it comes to newly introduced regulations, lawmakers gave organizations time to transition into the new norms. Unfortunately, that transition time is up; the maximum fine for GDPR non-compliance has already been issued to many European multi-nationals. However, SMEs are not hidden from the gaze of the regulator.
-

An In-Depth Look at HITRUST CSF Controls
Compliance is one of cybersecurity’s most essential aspects. Keeping up with all the regulatory frameworks a company must follow can also be one of its most challenging elements. The HITRUST Alliance’s Common Security Framework (CSF) streamlines all of these controls and simplifies cyberdefense. Read on to learn all there is to know about HITRUST CSF controls.
-

What is a HITRUST Self-Assessment Questionnaire?
Companies in the healthcare industry are attractive targets for cybercrime, so they need to comply with HIPAA and HITECH frameworks. But many of these companies also need to comply with other codes, such as PCI-DSS. Luckily, the HITRUST Alliance’s Common Security Framework (CSF) simplifies implementation across all of them. Thus, a HITRUST Self-Assessment Questionnaire is the first step toward streamlined compliance and cybersecurity.
-

A Guide to HITRUST Password Requirements and Best Practices
Robust cybersecurity architecture begins with essentials like access control and user credential management. This is especially true for businesses in the healthcare industry, where unauthorized access via a weak or stolen password can compromise the security of protected health information (PHI). HITRUST password requirements simplify the measures required to keep all your stakeholders safe. Read on to learn more about what they entail.
-

What is a HITRUST Bridge Assessment?
Many companies sit at the intersection of multiple sectors. This can be a lucrative position, but it also requires surveying the specific cybersecurity risks across industries. To address the needs of these companies, HITRUST Alliance published the Common Security Framework (CSF). For companies struggling to meet compliance requirements after the COVID-19 pandemic, the HITRUST bridge assessment can be the difference between lapsing in protection and recovering fully.
-

The GDPR Special Categories of Personal Data
What separates the General Data Protection Regulation (GDPR) from its predecessors is its ability to recognize how the data landscape has changed over the past two decades. One way the regulation has accomplished that is by combining privacy protection with modern-day data processing techniques. And it has done so primarily through its recognition of special categories of data. The GDPR Special Categories of Data are a subset of personal data that regulators have deemed extra sensitive. This subset of personal data requires additional security measures that ensure the privacy of the data subject whose data is being processed.
-

What is a GDPR Data Subject Rights Request?
Finding yourself in the middle of a data subject access request (DSAR) and unprepared can be pretty jarring. Most businesses aren’t even GDPR compliant and will not know how to handle a DSAR.
-

How Many HITRUST Controls Are There?
One of the most robust and comprehensive cybersecurity frameworks developed in recent years is the Common Security Framework (CSF), a HITRUST Alliance publication. HITRUST pulls together loose ends from various industry-specific guidelines into one all-inclusive document. The CSF is not required for most businesses, but all companies stand to benefit from adopting its controls and achieving certification.
-

Your Guide to HITECH Compliance Requirements
The US Department of Health and Human Services (HHS) presides over all healthcare and patient safety matters to “enhance the health and well-being of all Americans.” Extending this protection to patients’ health information, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) set baseline requirements for how hospitals and doctors process data. In 2009, HITECH compliance requirements expanded these protections to meet evolving threats of cybercrime.
