Many data breaches start with a compromised account from one of a company’s employees. Jérôme Berloty and Benjamin Netter decided to build a product based on that fact and launched Riot in 2020. ‍ Based in Paris, France, Riot combines learning modules and phishing simulations to raise cyber awareness and solve compliance needs. The courses are chat-based, five minutes long, and immersive and interactive, making learning more entertaining. ‍

Penn State University is in hot water again for legal and compliance violations. This time, the activities in question are related to the university’s claim to be compliant under NIST SP 800-171, as required by Executive Order 13556 (2019). As a contractor and partner of the U.S. Government, Penn State is required to implement a minimum set of security controls around Controlled Unclassified Information (CUI) it collects, creates, or handles as part of its partnership with the government.

With the advent of the Digital Personal Data Protection Act (DPDP Act) in 2023, India has taken a significant step towards safeguarding the rights of individuals, termed as ‘Data Principals’, over their personal data. This blog post aims to shed light on the rights and protections offered to Data Principals under the DPDP Act, a landmark legislation that is reshaping the landscape of data privacy in India.

Businesses with Indian customers or those accessible to Indian citizens, take note! The Digital Personal Data Protection Act (DPDP) has been passed in India. This new law, approved by the president on August 11, 2023, dictates how organizations handle personal data. The DPDP Act is not yet enforceable as the Data Protection Board of India is still being established.

Today we’re thrilled to announce that Vanta’s Role-Based Access Control (RBAC) functionality has gotten even stronger with new capabilities, including: ‍ ‍ These expanded RBAC capabilities are now generally available and demonstrate Vanta’s continued commitment to supporting the needs of larger, more advanced organizations through additional customization and flexibility across our platform. ‍

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month. NEW: Prove the ROI of your security and privacy investments with TrustCloud Business Intelligence (BI) TrustCloud Business Intelligence is here! Now, you can see and share key results from across your compliance, risk management, and sales acceleration programs to showcase ROI, prove value, plan your resources, and easily align with stakeholders.

In the dynamic realm of data protection, understanding the consequences of non-compliance is crucial. The Digital Personal Data Protection (DPDP) Act of 2023 has set forth stringent penalties for those who fail to adhere to its provisions. We’ve delved into this new act in our series of blog posts.

This post is part of an ongoing series where you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta—and most importantly, our customers—secure. In today’s post, you’ll hear from Rob Picard, who leads Vanta’s Security team, and Matt Cooper, who leads Vanta’s Privacy, Risk, & Compliance team. ‍

With many nuances to consider, adhering to the General Data Protection Regulation (GDPR) requirements can be a daunting task. After all, the entirety of the GDPR consists of a whopping 99 Articles. Fortunately, by following a GDPR security checklist, you can help your organization ensure that all required facets of data security are covered without sifting through pages and pages of legalese.

In an era where data breaches and cyberthreats are a constant concern, ensuring the security of your network monitoring systems is paramount. The Federal Information Processing Standards (FIPS) compliance standard serves as a robust benchmark for data security. In this comprehensive blog, we’ll explore the importance of FIPS compliance and delve into how OpManager, leading network management software, adheres to these standards to bolster security for its users.

According to CSO the fines incurred for data breaches or non-compliance with security and privacy laws, for only a handful of companies, has cost $4.4 billion. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years (IBM). The challenge for organizations is how to safeguard sensitive information while adhering to the law, but without compromising innovation. Cyber threats loom large, affecting businesses in every industry.

In this series, you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the teams’ approaches to keeping the Vanta organization secure. We’ll also share some guidance for teams of all sizes — whether you’re just getting started or looking to uplevel your operations.

In the fast-paced world of software development, the clash between developers and security experts could greatly benefit from some much-needed balance. On one side, developers strive for success based on metrics like delivery time, deployment frequency, and number of features. On the other side, security professionals are measured on vulnerability and compliance metrics.

The education industry is facing a growing threat from malicious cyberattackers, both external and internal. According to the Cyber Attack Trends report by Check Point Research, the education and research industry suffered from 44% more cyberattacks in the first half of 2022 compared to the same period in 2021. Therefore, cybersecurity in the academic industry is of paramount importance now.

Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard-earned reputation.

In the world of technology, few concepts have captured our collective imagination like Artificial Intelligence (AI). It’s the promise of machines that can think, learn, and perform tasks with a level of sophistication that mimics human intelligence. Yet, the allure of AI has also given rise to a web of confusion, myths, and misunderstandings.

With today’s dynamic cybersecurity threat landscape, governance, risk management, and compliance (GRC) can’t afford to be stuck lagging and playing catch-up. It needs to be leading the pack, ensuring organizations are compliant, protected, communicative, and driving business success.

For almost a century, artificial intelligence (AI) has been depicted in our media. Starting with Fritz Lang’s 1927 film, “Metropolis,” and through major blockbusters like The Terminator series, “2001: A Space Odyssey,” and “Her,” these movies have all included or focused on AI’s potential impact.

The way we do business continues to evolve, and with that, the requirements to remain compliant continue to evolve as well. PCI-DSS is no exception — as of March 2024, PCI-DSS 4.0 will introduce some significant changes. These differences are largely minor but could be very impactful for organizations depending on how they previously approached PCI-DSS 3.2.1.

Today’s uncertain economy has presented an array of problems to organizations of every size and across all industries. In the world of tech titans alone, 70,000 jobs have been lost over the past year. It’s safe to say that businesses have laid off and lost talented and experienced professionals from their rosters. We feel losing talent more acutely in cybersecurity and privacy as risk of cyberattacks and breaches may cost the global economy $10.5 trillion annually by 2025.

India’s new Digital Personal Data Protection Act, 2023 (DPDP Act) was given assent by the President of India on August 11, 2023, marking a significant development in data protection legislation. This Act, which supersedes Section 43A of the IT Act, 2000 and the SPDI Rules, 2011, brings about considerable changes to the norms of data protection. The DPDP Act is lean and principle-based, with details around implementation to be set out in future rules.

Numerous U.S.-based companies that operate online have customers from the European Union (EU) or other parts of the European Economic Area (EEA). If your business engages with these customers, it is subject to the EU’s General Data Protection Regulation (GDPR). This extensive data privacy regulation has an impact on many U.S. entities due to its extraterritorial reach.

Many countries across the globe are realizing the importance of the right to privacy in the digital era. The GDPR, the data privacy legislation for the European Union, came into force in 2018 and became the guiding star for an array of privacy laws. The Digital Personal Data Protection Act (DPDPA) by the Indian government is the latest privacy law aimed at protecting individuals’ privacy while ensuring hassle-free business operations.

The month of August was a busy month at Vanta — we shipped Access Reviews schedules, 35 new integrations and new integration capabilities, Improvements to Vendor Risk Management, and more. ‍ ‍

A commonly asked question about SOC 2 is “How much does a SOC 2 attestation cost?” However, there isn’t a single answer, because the cost depends on multiple factors. The total costs of a SOC 2 audit can range from tens to hundreds of thousands of dollars. In this article, we will see what specific factors influence an audit’s cost, how you can estimate the expense, the cost breakdown, and how you can lower this expense with the help of automation.

AI is one of the hottest topics in tech right now. More than half of consumers have already tried generative AI tools like ChatGPT or DALL-E. According to a Gartner poll, 70% of executives say their business is investigating and exploring how they can use generative AI, while 19% are in pilot or production mode. Business use cases for AI range from enhancing the customer experience (38%), revenue growth (26%), and cost optimization (17%).

The basic parameters that control how hardware, software, and even entire networks operate are configurations, whether they take the form of a single configuration file or a collection of connected configurations. For instance, the default properties a firewall uses to control traffic to and from a company's network, such as block lists, port forwarding, virtual LANs, and VPN information, are stored in the firewall's configuration file.

Today’s edition of GRC Newsflash features our Compliance Specialist Frank Kyazze, and covers Risk Updates from the SEC announced on July 26, 2023.

In a digital-first world, safeguarding sensitive data and ensuring compliance with industry regulations are paramount. Enter "Continuous Compliance" – a dynamic approach reshaping the cybersecurity paradigm. As a key part of an effective compliance strategy, continuous compliance is pivotal in fortifying security measures. This modern strategy empowers organizations to stay one step ahead of cyber criminals by fostering real-time monitoring and rapid response to potential threats.

The New York Department of Financial Services (NYDFS) Cybersecurity Regulation, commonly referred to as NYCRR 500, lays out stringent cybersecurity requirements that financial companies operating in New York must adhere to. To navigate the complex landscape of NYCRR 500, companies are turning to innovative solutions like Entitle to streamline compliance efforts and bolster their cybersecurity posture. ‍