Category Archives: Regulatory Compliance

Are you doing a real Cyber Security Risk Assessment?

The Department of Health and Human Services enforcement division recently fined a small neurology practice over $25,000.00. Following a ransomware attack that exposed the PII of several thousand patients, the OCR investigation determined that the practice “failed to conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to its electronic […]

Security Policies for Regulation S-P: GLBA Data Privacy

SEC Privacy S-P

In 2024 the SEC formally adopted updates to “Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information.” The rules apply to financial institutions that collect and manage nonpublic personal information about consumers (PII). First adopted in 2000, the privacy requirements have continually evolved and major updates were approved in 2024. The updated privacy […]

Simplify Compliance with EPA Cyber Security Requirements

EPA Water Cyber Security

Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain a written information security program to maintain compliance. NOTE: When this article was originally published, Cyber Audits were going to be part of the Sanitary Surveys. That requirement was removed. But the Cyber Security […]

What is required in a Security Plan for HAZMAT HM 232?

In April 2024 the United States Department of Transportation finalized new requirements for the safe transportation of hazardous materials (Hazmat HM-232). HM-232 requires shippers and transporters of hazardous materials to create a formal, written security plan to prevent equipment or cargo from being used as weapons in terrorist attacks. According to the law, the plan […]

Simplify Compliance with NYS-DFS Cyber Law

The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In this article we discuss key requirements and how organizations can simplify the compliance process. What is the NYS-DFS Cyber Security Law? The […]

Simplify Compliance with NADA FTC Safeguards Rule

Understand the key requirements of the FTC Safeguards Rule as it applies to auto-dealerships and see how to effectively build and maintain a written information security program to maintain compliance. What are the NADA FTC cyber security requirements? The National Automotive Dealers Association (NADA) proposed a set of cyber security requirements to help protect private customer […]

Compliance with NIS 2 Directive Cyber Security

What is the NIS 2 Directive? The NIS 2 Cyber Directive is a move by the EU to set a new standard for cyber security across the member states. The EU Parliament calls it “A high common level of cybersecurity in the EU.” NIS 2 replaces the original Network and Information Security (NIS) Directive, […]