Security configuration management (SCM) can help organizations do much more than just harden their attack surfaces against intrusions. This fundamental control also has the ability to make your audits flow more smoothly. Indeed, it allows organizations to pull reports from any point in time and demonstrate how their configuration changes and alignments help to support their compliance efforts.

Data classification is a vital component of any information security and compliance program, especially if your organization stores large volumes of data. It provides a solid foundation for your data security strategy by helping you understand where you store sensitive and regulated data, both on premises and in the cloud. Moreover, data classification improves user productivity and decision-making, and reduces storage and maintenance costs by enabling you to eliminate unneeded data.

The bariatric surgery market is growing year over year in the United States, from 158,000 surgeries in 2011 to 252,000 surgeries in 2018. Over the last decade, weight loss surgery demand has increased, leading to a boom in the number of clinics offering these procedures. Blossom Bariatrics has become one of the premier bariatric surgery clinics in the Las Vegas area. They provide surgical treatment options for weight loss, plus hernia, gallbladder, and anti-reflux surgeries.

Compliance testing, also known as conformance testing, is a periodic, independent, and objective assessment of compliance-related processes and/or controls. The goal of compliance testing is to determine whether the elements, processes, and controls of your compliance program are designed appropriately and operating as designed. Compliance testing follows an established process and plan as well as a risk-based approach.

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our August 2020 roundup of compliance news from around the United States, and around the world.

Governance, risk, and compliance (GRC) are major inhibitors for organizations moving to the cloud—and for good reason. Cloud environments are complex, and even a single misconfigured security group can result in a serious data breach. In fact, asset misconfigurations were the leading cause of cloud security breaches in 2019. This puts a lot of pressure on developer and operations teams to properly secure their services and maintain regulatory compliance.

There has been a significant rise in the number and complexity of Cybersecurity threats over the last several years in the financial services industry. Institutions have been in need of a tool that can aid in identifying all the different risk types and how to develop a plan to be prepared for this continuously growing number of threats. Finally a tool has been developed for these intuitions, especially for Credit Unions.

Many organizations have Information Security Programs (ISPs), but many executives and boards do not know how to measure progress within these programs. They are therefore hesitant to believe any investment in technology will mitigate perceived or even unknown risks. Some organizations use regulated compliance standards such as PCI DSS or AICPA attestations as measures of their ISP.