What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do you get where you want to go?”

ISO 27001 enables organizations of any size to manage the security of assets such as employee information, financial information, intellectual property, employee details, and third-party information. ISO 27001 is primarily known for providing requirements for an information security management system (ISMS) and is part of a much larger set of information security standards. An ISMS is a standards-based approach to managing sensitive information to make sure it stays secure.

In many cases, penetration testing – a type of ethical hacking engagement designed to identify and address security vulnerabilities in networks, systems and applications – is required. Sometimes this requirement is specified directly, while in other cases it is implied by a need to build audit or assessment processes to mitigate cyber risk. This blog identifies some of the most common pen testing standards and regulations and provides guidance about the type of testing required.

As many businesses have begun to work almost entirely remotely until an as-yet-to-be-determined date, they have had to plan for activities that took place largely in person in the past. For example, many compliance audits have gone virtual in these times of uncertainty. This shift has forced organizations to adjust how they prepare and plan. But even in these times of uncertainty, it is your organization’s responsibility to stay sharp and on track with security knowledge, planning, and response.

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our June 2020 roundup of compliance news from around the United States, and around the world.

Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks. Here’s our May 2020 roundup of compliance news from around the United States, and around the world.

While keeping data safe from modern cyberthreats is difficult enough, you also have to keep in mind compliance with common regulations, i.e., ensuring your company’s compliance to SOX, which deals with transparency in disclosures from public companies. Nowadays, it’s not enough for businesses to rely on dismissive financial documents that satisfy the intermittent audit; you need to level up your game, and create detailed day-to-day records of activities.

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was signed into law as part of the American Recovery and Reinvestment Act (ARRA) in 2009. The HITECH Act encourages the meaningful use of electronic health records (EHRs) by healthcare providers and their business associates.

Regulatory compliance is continuously evolving, which makes it increasingly imperative that everyone involved in the Compliance Management System (CMS) understand their responsibilities. Various sectors mandate oversight, including healthcare, finance, and cybersecurity. It is also a foundational business practice to safeguard company reputation and demonstrate integrity to consumers and the public. Compliance management is a top-down system, like most workplace cultures and business processes.

COVID-19 has us reeling from health, social, and economic shocks, but this isn’t our first global crisis. It is, however, the first in which cybercrime plays a starring role. The world has faced several pandemics in the past 100 years—several influenza pandemics including swine flu (H1N1) and Avian, or bird, flu, and HIV/AIDS—as well as economic depression and a number of recessions.