The California Consumer Privacy Act (CCPA) is a law that was signed on June 28, 2018, that established and promoted the consumer privacy rights and business obligations concerning the collection and sales of personal information of citizens of California. The CCPA came into effect on January 1st, 2020. Soon after in November 2020, Proposition 24, known as the California Privacy Rights Act of 2020 (CPRA) was introduced which is soon to replace the CCPA Compliance.

For our latest specialist interview in our series speaking to security leaders from around the world, we’ve welcomed Tony Giles, Lead Auditor and CMMC Provisional Assessor with the NSF. Tony has conducted audits globally for over 10 years and worked on large-scale security implementation projects, including NIST 800-171, NIST 800-88 and ISO/IEC 27001, ISO 28000.

The number and severity of cyber-attacks are increasing with time. For that, the international industry standards and government authorities aim to regulate cybersecurity by enforcing more strict cybersecurity compliance criteria.

Building a HIPAA-compliant security program is a very time intensive and demanding undertaking. It can also be confusing, as satisfying requirements like the HIPAA Security Rule require extensive interpretation and documentation on the part of security professionals. However, by arming yourself with knowledge before beginning the process, you can cut down on unnecessary difficulties.

Cybersecurity compliance became prominent in the last decade. From being a trivial part of an organization’s business strategy in the early years to being a core objective now, cybersecurity compliance has come a long way. Today, organizations have dedicated teams and personnel, such as chief compliance officers, to ensure that they stay compliant with the relevant standards pertaining to their industry and location. It is essential for organizations to stay updated to avoid sanctions.

Deadlines! When we don’t have a structured path to take care of tasks, it’s difficult to get things done to the best of your ability with many competing priorities. This is something that plagues us all, and if you’ve got it under control, we’d like to hear your recipe for success!

Since working on a spreadsheet, you and your team have come a long way. You’re enjoying the ease of working in TrustOps because it automates control mapping, test creation, and evidence workflows. However, you’re looking for ways to save a bit more time, so you can focus on your day job and growing list of priorities. Collecting evidence to validate compliance controls takes time and affects HR, IT, DevOps, and the rest of your team’s productivity.

The General Data Protection Regulation is a data privacy law that protects the privacy of people of citizens of the EU and UK. The regulation is designed to protect the rights of individuals and also ensure the privacy of their personal data. The regulation outlines a detailed set of requirements for organizations collecting, storing, and managing personal data.

As the leading international standard on information security management, ISO 27001 is an important certification for businesses and is increasingly being demanded by customers as part of their supply chain management. With its standardised processes and reputational status, ISO 27001 shows interested third parties and prospective clients that you take the confidentiality, integrity and availability of their data seriously.

Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s get some clarifications for the non-initiated.