Home Compliance Standards
Category:

Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

What is Service Organization Control (SOC)?
SOC 2

What is Service Organization Control (SOC)?

by RSI Security
written by RSI Security

Service Organization Control reports (SOC), in a nutshell, help companies with various aspects of their business. Essentially, these reports outsource different responsibilities within a business, like payroll, medical claims processing, document management and much, much more. Typically, they are aspects of a business that a company or “user entity” is not capable of doing as well as the service organization. It also allows the company or “user entity” to concentrate on other facets of their business. These reports come in various types based on the type of work the user entity does.

In this article, we’ll discuss the different types of reports in detail, as well as why you might choose one Service Organization Control report over another. To best understand how it works, it’s important to make sense of the system that came before SOC. Prior to the implementation of Service Organization Control, CPAs used a system called SAS 70. 

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
What Are SOC 2 Trust Service Principles?
SOC 2

What Are SOC 2 Trust Service Principles?

by RSI Security
written by RSI Security

As a business owner, you are always looking for ways to set yourself apart from the competition. It may be that your exceptional service, incredible products, or perhaps low prices that give you that competitive edge. Just as important as all these things are to the success of your business, so is establishing a deep level of trust with your customers. One good way to establish this trust is to become SOC 2 Compliant.

There are five trust service principles which include:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy
Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
What Is The HITRUST Certification Process?
HITRUST

What Is The HITRUST Certification Process?

by RSI Security
written by RSI Security

The Health Information Trust Alliance (HITRUST) is an organization that creates and maintains a common security framework (CSF) for businesses and organizations in the healthcare sector. Founded in 2007, the Texas-based entity has a prescriptive set of controls that organizations can use in creating, accessing, storing, or exchanging sensitive or regulated data. 

HITRUST certification is commonly required by organizations handling protected health information (PHI).  It provides a holistic approach to managing information security risks. Considered as the gold standard for compliance in the healthcare industry, it combines commonly accepted standards such as:

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
What is HITRUST and How Does it Protect the Healthcare Industry? 
HITRUST

What is HITRUST and How Does it Protect the Healthcare Industry? 

by RSI Security
written by RSI Security

If you’re a business owner who operates within the healthcare industry, you know that patients are your top priority. Whether it’s protecting their health or their data, you want to meet a high standard of excellence. Read below for more information on the HITRUST Alliance and how they help protect the healthcare industry. 

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
Privacy Policy Requirements For CCPA
California Consumer Privacy Act (CCPA)

Privacy Policy Requirements For CCPA

by RSI Security
written by RSI Security

People want privacy when it comes to their personal information; however, sometimes they don’t realize how other companies use their information. Third party involvement and the use of online platforms increase the chances that consumer data will be sold or affected by a data breach. Consequently, California took action to empower consumers. Are you aware of the privacy policy requirements outlined by CCPA? Find out everything you need to know with our complete guide. 

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
A Detailed SOC 2 Compliance Checklist
SOC 2

A Detailed SOC 2 Compliance Checklist

by RSI Security
written by RSI Security

Running a business is no easy task. Knowing whether you’re SOC 2 compliant or not is yet another thing on your already full plate of expense reports, hiring, marketing, and so much more. Using the following information will help clear any confusion so you can focus on the things you love about running your business.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
How To Improve Cybersecurity In Financial Institutions
FINRA / Financial Industry

How To Improve Cybersecurity In Financial Institutions

by RSI Security
written by RSI Security

To the cyber-criminal, the world is a list of digital targets. There are two primary methods for selecting those targets. Sometimes the adversaries cast a very large automated digital net, looking for easily exploitable weaknesses wherever they exist. When the system reports one, they decide if the target is worth their time and either pursue it or move on to the next. 

The other is a far more dangerous method, in which the target is pre-selected because it is considered high-value. When hackers decided to go after Target Stores in 2013 the attack was complex, methodical, and persistent; eventually compromising over 40 million people’s card data and costing the company over $300 million.

JP Morgan Chase suffered a breach in 2014 in which they reportedly compromised the financial and personal information of more than 76 million households and 7 million small businesses. The total cost of that incident is estimated to reach $1 billion!

According to the IBM X-Force Threat Intelligence Index of 2019,  Finance and Insurance was the most frequently targeted industry in 2018 with 19% of the tracked attacks.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
ccpa-california-flag
California Consumer Privacy Act (CCPA)

What Are The Penalties For Non-Compliance With CCPA?

by RSI Security
written by RSI Security

It wasn’t long ago when the EU’s General Data Protection Regulation (GDPR) went into effect and caused internet frenzy. The GDPR compelled people to care more about their personal information and how the information is being used by merchants and businesses with or without their consent. The policy actually pushed people to rethink how their internet activities could put them at risk, both financially and emotionally. 

Continue Reading
1 comment
0 FacebookTwitterGoogle +LinkedinEmail
Cyber Regulations For Banking In Europe vs. America 
EI3PAFINRA / Financial Industry

Cyber Regulations For Banking In Europe vs. America 

by RSI Security
written by RSI Security

Banking and financial systems often go unnoticed by the general public despite the fact that they support daily tasks. The US government even classifies financial systems under critical infrastructure. With both America and European countries relying heavily on technology, they have attempted to keep pace with new banking cybersecurity regulations. Ever wondered about the differences in cybersecurity regulations of banking in Europe vs. the US? Read on to find out now. 

Continue Reading
1 comment
0 FacebookTwitterGoogle +LinkedinEmail
Why BYOD is Bad For GDPR Compliance
BYODGDPR

Why BYOD is Bad For GDPR Compliance

by RSI Security
written by RSI Security

More organizations than ever are looking for ways to cut overhead costs. Some are giving their employees the option to work remotely. Others are allowing them to use their personal devices (i.e. laptop, cell phone, etc.) to do their work on in place of a company-owned device.

Although adopting a Bring Your Own Device (BYOD) policy might allow your company to scale and pivot as you grow, it also comes with tremendous risk from the security front. With more global organizations choose to adopt these BYOD, they invariably come in contact with General Data Protection Regulations (GDPR) that ensure the protection of user data that flows through a company’s network.  

As such, it would be best to consider developing an ironclad, yet flexible BYOD strategy to ensure your organization doesn’t get hurt by potential GDPR compliance mishaps. Let’s run through the potential issues with BYOD and GDPR and point you in the right direction towards keeping your network data safe while decreasing your risk for getting hefty GDPR compliance fines.

Continue Reading
0 comment
1 FacebookTwitterGoogle +LinkedinEmail
Load More Posts

This website uses cookies to improve your experience. If you have any questions about our policy, we invite you to read more. Accept Read More