The Higher Education Community Vendor Assessment Toolkit (HECVAT) helps higher education mitigate the impact of security risks of vendor relationships offering cloud-based services. With supply chain attacks on the rise, and vendor risks ranking in the top three initial attack vectors for data breaches, HECVAT compliance is becoming a mandatory requirement for partnering with higher education institutions.

So many great software and cloud-based organizations turn away from working with the US Government because the authorization to operate (ATO) processes are prohibitively complicated, expensive, and time intensive.

Identity fraud has been a significant threat to businesses. Industries related to finance and financial institutes, tourism, and hospitality are the most affected by this. Although scammers use various methods and tricks for identity theft, synthetic identity is a major concern and is a popular trend amongst fraudsters. Synthetic Identity Theft is a complex form of theft in which the person’s identity is imitated.

What is a Trust Champion? A Trust Champion is the person who helps their organization measure and meet its internal compliance obligations. Their actions support revenue-generating activities, protect their organization from legal and contractual liabilities, and enable the organization to confidently and transparently showcase an intentional, robust, and differentiated culture of trust. Arun Nagarajan – Co-founder & CTO – has led the compliance journey at BigSpring.

You want as much of your compliance program automated as possible, and collecting evidence to validate compliance controls always seems to take a lot of your team’s time. A considerable amount of control evidence involves providing accurate lists of artifacts to auditors — whether it’s workstations, tickets, alerts, or people. If only there were an easier way than having your teammates take screenshots and export lists from each of your internal systems.

Every day, organizations subject themselves to audit violations and data leaks when their end-users share sensitive data with third parties – essentially anyone outside of your organization. Various regulations and compliance frameworks require sensitive data to be encrypted with industry-grade security while at rest and in transit.

When it comes to how truly intelligent Artificial Intelligence (AI) is, it’s a polarizing debate. Either AI will solve the world’s woes or robots will rule us all – Matrix-style. But it’s all a little more complicated than Hollywood makes it seem… For a deep dive, do listen to our Beyond the Data podcast hosted by Sophie Chase-Borthwick (Calligo’s Global Data & Governance Lead) and Tessa Jones (VP of Data Science Research & Development).

Often regarded as the Californian version of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) aim’s to increase consumer rights by giving California residents greater control over the use of their personal data. The CCPA heavily regulates the use of any data that could potentially link to the identity of a consumer or household, either directly or indirectly.

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act is designed to protect the personal data of all New York residents. This act broadens the data privacy and protection standards stipulated in the Gramm-Leach-Bliley Act (GLBA) and the New York Department of Financial Services (NYDFS). What makes this particular data protection law unique is its inclusion of biometric information, usernames, and passwords in the category of personal information.