Compliance


16 Aug 2017

How to Write an Effective Business Continuity Plan

By Teddy Ansink

An effective business continuity plan (BCP) is proactive and aims to avoid and mitigate risks associated with a disruption of operations, including ensuring personnel and assets are protected and able to function in the event of a disaster. Due to the importance of this goal, the development of a BCP requires strategic thinking through the recognition of threats and risks facing a...



08 Aug 2017

PCI DSS Changes to Be Enforced in 2018: Are you ready?

By Jack Dempsey

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for merchants and service providers that process, store or transmit credit card information. Forward-dated PCI DSS changes in Version 3.2 of the DSS requiring increased network security will be enforced in 2018. Are you ready? The most important change to the standards will be enforced beginning July 1,...



08 Sep 2016

Introducing a New Comprehensive HITRUST Solution

Nearly 90 percent of all healthcare organizations have suffered at least one data breach in the past two years with an average cost of $2.2 million per attack. Even just an allegation of a breach can result in an investigation of your organization by the U.S. Department of Health and Human Services’ Office for Civil Rights. But, for most, it is virtually impossible to claim...



28 Jul 2016

Compliance is not a Blueprint for Building a Security Program

For some security experts, the definition of compliance has become so skewed that it can mean just about anything to just about anyone, depending on their circumstances. Data security analysts continue to hear clients tout that they are “compliant, so we must be secure,” without knowing that the more appropriate route to take is to begin with security as the framework for your compliance path....



20 Jul 2016

PCI Compliance Should Start with Security

While it’s true the Payment Card Industry Data Security Standard (PCI DSS) has helped curtail credit card fraud by requiring merchants to comply with its regulations, many merchants still don’t understand that merely meeting compliance goals does not mean their data is secure. Many security and compliance experts now argue that PCI standards have become little more than a check-box activity leaving the retailer with...



14 Jul 2016

You Can Be Both Compliant and Secure

It’s no big secret that some of the big-name companies whose customer data was breached had met compliance standards prior to the intrusions. That’s because being compliant can sometimes lead companies into believing they’re also secure. The data security experts at Sword & Shield recommend that organizations use their industry compliance regulations as a security starting point – a prescriptive direction – but warn it...



06 Jul 2016

Federal Regulators Fine First Business Associate for HIPAA Breach

In October of 2013, the Office for Civil Rights implemented the Omnibus Rule that made all Business Associates directly accountable for HIPAA compliance. On June 29, 2016, the OCR announced the first HIPAA enforcement fine levied on a Business Associate. A nonprofit organization was hit with a $650,000 fine for a breach that affected just 412 patients. The company was also put on a corrective...



12 May 2016

New PCI DSS Rules Have Big Changes for Service Providers

The newly-released Payment Card Industry Data Security Standard Version 3.2 includes increased scrutiny for the security providers who help merchants process, store or transmit cardholder data. PCI Council CTO Troy Leach said that service providers, specifically those that aggregate large amounts of card data, continue to be at risk. “PCI DSS 3.2 includes a number of updates to help these entities demonstrate that good security...



05 May 2016

Merchants Should Develop a Clear Path to PCI Compliance that Includes Security

While the Payment Card Industry Data Security Standard (PCI DSS) lays out clear industry standards for merchants to follow regarding how they protect sensitive customer data, the path an organization takes to security and compliance should be based on each company’s needs. Most merchants are familiar with the 12 requirements of PCI DSS and many assume that merely meeting the compliance requirements means that they are also...



28 Apr 2016

New HIPAA Workshop Helps with Writing Policies and Procedures

In order to comply with HIPAA guidelines, healthcare organizations and the Covered Entities and Business Associates that support them are required to have a comprehensive set of policies and procedures that cover all the requirements of the HIPAA Security, Privacy, and Breach notification rules. But, let’s face it, writing policies and procedures from scratch can be a difficult and time-consuming process for many companies. As a result, Sword...



