ISO/IEC 27001 is the international standard on information security. It was established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to stipulate the framework for implementing Information Security Management Systems (ISMS) in an organized and risk-effective way. For this article, we’ll mostly refer to ISO 27001, but know that we’re referring to both ISO/IEC 27001. Got it? Let’s begin!

Data security is a major concern for almost everyone. From organizations to individuals, most of us who use or supply cloud-based services want to ensure that our information stays confidential and accessible. However, these concerns are amplified to national security when government data is the subject. That’s why the U.S.government has a stringent set of security requirements known as FedRAMP®. All cloud vendors that provide services to federal agencies must comply with these standards.

In November 2022, the Criminal Justice Information Services (CJIS) division of the FBI updated its cybersecurity policy, impacting state agencies, police departments, and other organizations that handle Criminal Justice Information (CJI). The updated policy poses challenges for organizations, especially smaller ones, to maintain compliance due to limited resources, lack of expertise and the policy’s complexity.

If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand your organization's regulatory environment and the standards and controls they stipulate, let's break down key cyber compliance regulations by industry.

NIST 800-161 — also identified as NIST Special Publication (SP) 800-161 — was published in April 2015 as Supply Chain Risk Management Practices for Federal Information Systems and Organizations. In May 2022, a year after President Biden’s Executive Order on Improving the Nation’s Cybersecurity, NIST produced a revised version, NIST 800-161 rev. 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.

A risk register is a tool used to manage potential problems or risks within an organization. It helps to identify and prioritize risks, their likelihood of occurrence, and provides ways to mitigate them. Risk registers allow you to play offense and defense – you’re proactively planning for potential challenges and minimizing their impact on your project’s success in the event that the roadmap does veer off course.

At Vanta, we’ve been on a mission to secure the internet and protect consumer data from day one. We got our start building an automated compliance tool to help companies achieve SOC 2 compliance quickly and painlessly.

Against the backdrop of the growing frequency and severity of cyber attacks against enterprises, proposed new regulations from The Securities and Exchange Commission (SEC) are set to require publicly traded companies in the U.S. to analyze how cyber risk could affect financial statements. ‍

This past month at Vanta we launched a new brand, 32 new integrations, support for multiple & distinct identity providers (IdPs) and much more to improve the Vanta experience: ‍ ‍