Information Security Policy Blog
The latest news and articles relating to information security policies and regulatory compliance. Bookmark this page or subscribe to our Policy Solutions Newsletter for regular updates.Healthcare Cyber Resilience: Third Party Cyber Risk Management
As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations [...]
Read MoreSecurity Policy Updates for ComplianceShield
We have updated all of the information security policy templates and related procedures within the Common Policy Library as of August 1st. A short summary of the updates: Check out the updated security [...]
Read MoreWhat is required in a Security Plan for HAZMAT HM 232?
In April 2024 the United States Department of Transportation finalized new requirements for the safe transportation of hazardous materials (Hazmat HM-232). HM-232 requires shippers and transporters of hazardous materials to create a formal, [...]
Read MoreInformation Shield Adds New Vendor Cyber Risk Management Features
On February 22nd we introduced new features to streamline Vendor Cyber Risk Assessment and Management. These features are now integrated within ComplianceShield Enterprise. We are pleased to introduce these new innovations to our [...]
Read MoreHow to Simplify Vendor Risk Management
Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for [...]
Read MoreInformation Shield Supports New NIST-HIPAA Guidelines
In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability [...]
Read MoreInformation Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector
The Cyber Security Infrastructure and Assurance Agency (CISA) recently posted an updated alert on how water utilities can protect from cyber attacks. The Alert – called Securing Water Systems – is based on [...]
Read MoreSample IT Risk Management Policy
What is an IT Risk Management Policy? An IT Risk Management Policy is a key part of any Cyber Governance Framework. IT Risk Management is the process of identifying, rating, and mitigating cyber [...]
Read MoreSimplify Compliance with NYS-DFS Cyber Law
The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In [...]
Read MoreSecurity Policies, Standards and Procedures: What’s the Difference?
One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature. Even before writing the first line of a security policy, many organizations get dragged into lengthy [...]
Read MoreSimplify Compliance with EPA Cyber Security Requirements
Understand the key cyber security requirements of the new EPA Cyber Rule for water and see how to effectively build and maintain and written information security program to maintain compliance. What are the [...]
Read More3 Ways to Validate your Cyber Security Program
If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect [...]
Read MoreNew Certification Validates Cyber Security Program Readiness
The Information Shield Cyber Certification enables any business to effectively demonstrate cyber security readiness to third parties Information Shield today announced the release of the Information Shield Cyber Certification ™. This new program dramatically simplifies [...]
Read More8 Rules for Passing Cyber Vendor Assessments
We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which [...]
Read MoreSimplify Compliance with NADA FTC Safeguards Rule
Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA [...]
Read MoreCompliance with NIS 2 Directive Cyber Security
NIS2 Directive What is the NIS 2 Directive? The NIS 2 Cyber Directive is move by the EU to set a new standard for cyber security across the member states. The EU Parliament [...]
Read MoreSimplify NAIC Data Security Law Compliance
What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, [...]
Read MoreKey Elements of Information Security Policies
What is an information security policy? An Information Security Policy is a formal document that defines controls within your information security program. An information security policy is a high-level business rule that must [...]
Read MoreSimplify Compliance with FTC Safeguards Rule
Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade [...]
Read MoreThe ISO 27002:2022 Update – What Happened?
In March 2022 the International Standards Institute (ISO) made an official update to the cyber security standard ISO/IEC 27002. The last update was in 2013, so nine years have passed. This is significant [...]
Read More