Use these 5 tips to take your information security policies off the shelf and put them into action. Bad Information Security Policies Information Security Policies are the foundation of your cyber security program. They create the “written rules” that define how controls are implemented and audited. They are typically the first set of “evidence” used […]
Author Archives: David Lineman
FTC Safeguard Compliance, GLBA Compliance, SEC Security Policies
Security Policies for Regulation S-P: GLBA Data Privacy
09
Oct
Oct
In 2024 the SEC formally adopted updates to “Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information.” The rules apply to financial institutions that collect and manage nonpublic personal information about consumers (PII). First adopted in 2000, the privacy requirements have continually evolved and major updates were approved in 2024. The updated privacy […]
FTC Safeguard Compliance, Information Security Policies, Press Releases
Simplify Compliance with EPA Cyber Security Requirements
04
Oct
Oct
Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain and written information security program to maintain compliance. NOTE: When this article was originally published, Cyber Audit were going to be part of the Sanitary Surveys. That requirement was removed. But the Cyber Security […]
10
Sep
Sep
The Digital Operational Resilience Act (Regulation (EU) 2022/2554) dramatically increases the cyber security burden of financial services entities operating in the EU or serving the EU business community. In short, every EU financial entity will need to build and maintain a robust cyber security program. What is DORA (The Digital Operational Resilience Act)? The Digital Operational […]
HIPAA-HiTECH Compliance, third-party security policies, Vendor Risk Management
Healthcare Cyber Resilience: Third Party Cyber Risk Management
13
Aug
Aug
As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations to increase focus of third-party security. For organizations that are already short on resources and staff, adding Vendor Risk Management process can […]
01
Aug
Aug
Full updates to the Common Policy Library including AI, SBOM and regulatory mappings.
Information Security Policies, Regulatory Compliance
What is required in a Security Plan for HAZMAT HM 232?
24
Apr
Apr
In April 2024 the United States Department of Transportation finalized new requirements for the safe transportation of hazardous materials (Hazmat HM-232). HM-232 requires shippers and transporters of hazardous materials to create a formal, written security plan to prevent equipment or cargo from being used as weapons in terrorist attacks. According to the law, the plan […]
15
Mar
Mar
On February 22nd we introduced new features to streamline Vendor Cyber Risk Assessment and Management. These features are now integrated within ComplianceShield Enterprise. We are pleased to introduce these new innovations to our clients and hope to save them many hours of work designing and implementing a vendor risk assessment program. The formal Press Release […]
Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for having a defensible cyber program. Over the last several years, many vendor cyber risk management tools have entered the market. In general, […]
HIPAA-HiTECH Compliance, Press Releases, Vendor Risk Management
Information Shield Supports New NIST-HIPAA Guidelines
15
Feb
Feb
In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, is the second version and contains updated guidance on how Covered Entities can comply with HIPAA. HIPAA enforcement […]