04
Feb
Feb
Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.
Author Archives: David Lineman
22
Jan
Jan
Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.
26
Dec
Dec
If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect may need to assess the cyber risk of your organization. You may try to purchase Cyber Breach Insurance. Or maybe you are […]
Information Security Policies, Writing Security Policies
5 Elements of Effective Information Security Policies
25
Oct
Oct
Use these 5 rules to take your information security policies off the shelf and put them into action. Information Security Policies – The Foundation Information Security Policies are the foundation of your cyber security program. They create the “written rules” that define how controls are implemented and audited. They are typically the first set of […]
FTC Safeguard Compliance, GLBA Compliance, SEC Security Policies
Security Policies for Regulation S-P: GLBA Data Privacy
09
Oct
Oct
In 2024 the SEC formally adopted updates to “Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information.” The rules apply to financial institutions that collect and manage nonpublic personal information about consumers (PII). First adopted in 2000, the privacy requirements have continually evolved and major updates were approved in 2024. The updated privacy […]
FTC Safeguard Compliance, Information Security Policies, Press Releases
Simplify Compliance with EPA Cyber Security Requirements
04
Oct
Oct
Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain and written information security program to maintain compliance. NOTE: When this article was originally published, Cyber Audit were going to be part of the Sanitary Surveys. That requirement was removed. But the Cyber Security […]
HIPAA-HiTECH Compliance, third-party security policies, Vendor Risk Management
Healthcare Cyber Resilience: Third Party Cyber Risk Management
13
Aug
Aug
As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations to increase focus of third-party security. For organizations that are already short on resources and staff, adding Vendor Risk Management process can […]
01
Aug
Aug
Full updates to the Common Policy Library including AI, SBOM and regulatory mappings.
Information Security Policies, Regulatory Compliance
What is required in a Security Plan for HAZMAT HM 232?
24
Apr
Apr
In April 2024 the United States Department of Transportation finalized new requirements for the safe transportation of hazardous materials (Hazmat HM-232). HM-232 requires shippers and transporters of hazardous materials to create a formal, written security plan to prevent equipment or cargo from being used as weapons in terrorist attacks. According to the law, the plan […]
15
Mar
Mar
On February 22nd we introduced new features to streamline Vendor Cyber Risk Assessment and Management. These features are now integrated within ComplianceShield Enterprise. We are pleased to introduce these new innovations to our clients and hope to save them many hours of work designing and implementing a vendor risk assessment program. The formal Press Release […]