Tag: IT compliance

Data classification is essential for achieving, maintaining and proving compliance with a wide range of regulations and standards. For example, PCI DSS, HIPAA, SOX and GDPR all have different purposes and requirements, but data classification is necessary for compliance with all of them — after...

File integrity monitoring (FIM) is essential for securing data and meeting compliance regulations. In particular, the Payment Card Industry Data Security Standard (PCI DSS) requires organizations to use FIM to help secure their business systems against card data theft by detecting changes to...

The General Data Protection Regulation (GDPR) is designed to protect the personal data of EU residents by regulating how that information is collected, stored, processed and destroyed. The data security and privacy law applies to all organizations that collect the personal data of European Union...

HIPAA compliance requires healthcare providers and their business associates to safeguard protected health information (PHI) through privacy and security rules, risk assessments, and breach notifications. Covered entities must implement administrative, technical, and physical safeguards, including...

Compliance tools automate and streamline the processes organizations need to meet regulatory requirements like GDPR, HIPAA, and ISO 27001. General-purpose solutions include auditing, data classification, and GRC platforms, while specialized tools address needs such as consent management or DSARs....

Healthcare organizations must ensure cloud storage services comply with HIPAA by securing electronic protected health information (ePHI) through encryption, access controls, activity monitoring, and data classification. Providers like Microsoft OneDrive, Google Drive, Dropbox Business, and Box...

An IT security audit is a comprehensive examination and assessment of your enterprise’s information security system. Conducting regular audits can help you identify weak spots and vulnerabilities in your IT infrastructure, verify your security controls, ensure regulatory compliance, and...

In May of 2018, the European Union enacted one of the world’s strictest set of rules for personal data protection. The formal name of this legislation is the General Data Protection Regulation, but it is more commonly known as the GDPR. The GDPR regulates personal data, which is defined as any...

Is your organization compliant with the GDPR? Does it need to be? Too many small businesses in the United States don’t know the answer to those questions. It’s understandable, especially considering that the GDPR is a European law. Plenty of US businesses assume that they don’t need to...

The regulatory climate around the world is changing rapidly. Scores of new regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and similar laws in other U.S. states, are being enacted in response to growing concerns about privacy and...