Five Steps to More Valuable Risk Assessments
Why most risk assessments deliver less than they should The risk assessment is the most common artifact every risk and compliance program produces. It is also the most commonly disappointing. A board…
Framework deep-dives and regulatory analysis: HIPAA, ISO 27001, SOC 2, PCI DSS, GDPR, NIST, CMMC, and how to prepare for the audits that follow.
Healthcare security in 2026: three risk surfaces, one program Hospitals and health systems sit at the intersection of every workplace-safety, privacy, and infrastructure regulation in U.S. law. They…
In today's complex financial landscape, banks face a myriad of regulatory challenges. From data privacy to anti-money laundering, ensuring compliance is crucial to maintaining a…
The utilities sector faces a multitude of compliance challenges due to its critical role in providing essential services such as electricity, gas, and water to households and businesses. Let’s delve…
A compliance officer is a crucial role within organizations, ensuring that they adhere to various laws, regulations, and industry standards. They act as the organization's…
Ever feel like your business is navigating a minefield of regulations? That's where compliance risk management comes in. This guide will equip you to understand and navigate this…
Healthcare organizations operate in a complex and highly regulated environment. Compliance programs are essential to ensure that these organizations adhere to all relevant laws, regulations, and…
Introduction In the ever-evolving landscape of the utilities sector, Compliance & Risk Management has become a critical component of operations. As regulatory requirements continue to tighten,…
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security controls designed to ensure that all companies that accept, process, store, or transmit credit card information…
How to Use Automated Assessment Software to Manage and Meet Your Security and Compliance Requirements Security and compliance are two essential aspects of any organization, especially in today’s…
Oil and Gas Industry The oil and gas industry is a volatile one, inundated by a number of risks and regulations which range from worker safety to environmental concern. It is designated as a…
Gap Analysis A gap analysis is a necessary component of risk management that is, at times, unclear to those in risk, security, and compliance positions. This leaves the question of, “What is a gap…
What Is the CAN-SPAM Act? The CAN-SPAM Act essentially dictates what can and cannot be done in regards to commercial messaging, including what can happen if you’re noncompliant. Formally referred to…
Risk management in banking has largely been focused on compliance with regulations and standards in recent times. This practice primarily stems from the regulations and culture that emerged during…
Top Five Risks Facing the Healthcare Industry The healthcare industry faces unprecedented risks and compounding regulatory compliance requirements. They’re particularly vulnerable due to their heavy…
Service Provider Risk and Compliance In our continuing effort to educate on the importance of risk assessment and compliance, this week we wanted to touch base on service provider risk and what you…
Cyber Risk Assessments RiskWatch offers over 50 prebuilt content libraries that are ready for use in our platform. These libraries contain industry standards and regulations, lending subject…
GDPR Defined The General Data Protection Regulation (GDPR) is a data privacy and security law that was passed by the European Union back in 2018. It quickly made its reputation as one of the toughest…
GRC Defined GRC is an acronym for governance, risk, and compliance; it’s a term that refers to an organization’s strategy and management for each of those three components. GRC is a structured…
On June 30th, 2021, the U.S. Department of the Treasury released a set of national priorities in a document titled ‘Anti-Money Laundering and Countering the Financing of Terrorism National…
Who is NIST? The US National Institute of Standards and Technology (NIST) is an organization with the goal of improving economic security and quality of life. They pursue this goal by promoting…
What is the California Consumer Privacy Act? The California Consumer Privacy Act (CCPA) exists to provide California residents with more control over their data and information on how it is being…
Healthcare Compliance As a highly regulated, high-risk industry, healthcare organizations place the utmost concern on compliance. Healthcare compliance protects both patients and staff, and widely…
Managing Personally Identifiable Information In a time where discussion of cyber attacks frequents the news, customers are starting to demand more attention to their personal data – and they should.…
Gas Company Noncompliance Causes Ruptured Gas Line Two weeks ago, PUCO (Public Utilities Commission of Ohio) fined Columbia Gas $400,000 for failure to comply with set operating procedures in…
The Value of Cobit Compliance With today’s prevalence of technology in the workplace, we can’t stress enough the importance of cybersecurity and keeping an effective cyber framework in place. As…
Risks During the Government Shutdown Today marks 21 days into the government shutdown, and we can’t help but worry about the state of safety and regulations. Nine out of fifteen federal departments…
IT Compliance Management IT compliance management can be difficult for many organizations that don’t understand the requirements of cyber data, especially when you have to consider standards such as…
Performing Supplier Audits If you’re in business with a supplier, you’re going to want to make sure you perform regular audits as their business practices directly impact yours. Supplier audits are…
Importance of Implementing IT Compliance With the vast majority of businesses going digital, IT compliance is now more prevalent than ever. With that said, we wanted to utilize this blog post as an…
The Unnecessary Torture of Security Audits From financial services to healthcare, nearly every industry gets audited for security, and no one looks forward to it. Just the thought of getting audited…
What is it? ISO 27001 is an international standard that provides a process for an Information Security Management System (ISMS). An ISMS is a framework containing policies and procedures for an…
What is GDPR? A trending topic these days is the latest data regulation that businesses all around the world will soon follow—GDPR. For those of you who don’t already know what GDPR is, let’s start…
Have you ever been treated with a generic medicine or an over-the-counter (OTC) drug? Then chances are high that you have taken a medication made in India, China, or in other emerging drug markets.…
The U.S. Food and Drug Administration (FDA) today proposed a rule to prevent food safety risks, that would require certain shippers, receivers, and carriers who transport food by motor or rail…
Are you HIPAA compliant? Late last year, members of the U.S. Congress challenged The Director of Office of Civil Rights (OCR), Leon Rodriguez, to step up the enforcement of the Health Insurance…
If you are in any way connected with the world of third party risk assessments and compliance, then you would have encountered the terminology being used to describe the vast scope of an…
After a lengthy and bitter Senate dispute over the filibuster as it applies to nominees, Gina McCarthy was confirmed as the head of the EPA about three weeks ago. She is already on the offensive,…
Last Thursday, a bill sponsored by Representative Bill Cassidy (R-Louisiana) passed the Republican majority house 232-181, with almost no Democratic support. The bill would effectively stall new…
Republished from (https://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/shasta-agreement-press-release.html) FOR IMMEDIATE RELEASE HHS Press Office Thursday, June 13, 2013 (202) 690-6343 (202)…
New regulations and threats to businesses, combined with new user habits have led to more tailored SaaS solutions from the 20-Year risk assessment solutions provider. Sarasota, FL, June 6th, 2013 –…
This Post is a direct quote from the U.S. Department of Health & Human Services’ official website found at the following URL:…
HIPAA positions “Risk Analysis” front-and-center in its first section – the Administrative Safeguards. Yet, it is rare to find that a formal IT Risk Assessment has been completed, and…
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI) has agreed to pay the U.S. Department of Health…
HIPAA Investigation Leads to Sanctions For the second time in three months, federal authorities have issued a hefty financial penalty stemming from a HIPAA compliance investigation after a relatively…
Smaller Institutions Could Benefit from Regulators’ Help Last year, federal regulators issued FFIEC authentication guidance for online transactions. But, unfortunately, regulators apparently don’t…
Hospital, Attorney General, at Odds Over Records Access A criminal and public health investigation in New Hampshire involving a former hospital worker who allegedly infected dozens of patients with…
Federal Privacy Officer Offers Insights What’s the best way to prepare to comply with HITECH Stage 2 privacy and security requirements? Federal privacy officer Joy Pritts advises healthcare…
Experts Sort Through Privacy, Security Provisions Some privacy and security experts that have dug into the 1,446 pages of final rules for Stage 2 of the HITECH electronic health record incentive…
Having completed an initial 20 HIPAA privacy and security compliance audits since last fall, and with 95 additional audits in the pipeline, OCR has just released its HIPAA privacy and security audit…
Penalty Resulted from Deceptive Cookie Practices Search engine giant Google Inc. will pay $22.5 million to settle Federal Trade Commission charges that it misrepresented its privacy promises to users…
The National Institute of Standards and Technology has issued a revision of its guidance to help organizations establish programs to manage computer security incidents. NIST, in Special Publication…
This New Year’s Eve, I thought at times my neighbors were using a rocket launcher and several assault rifles to shoot up the New Year. Lucky for me, I spent the awake time to contemplate the outlook…
People tell me all the time that their management doesn’t want them to do a risk analysis, even if it’s a requirement. Sometimes they say that they have no budget to fix anything – so why bother? Even…