All Articles
Ask Our VP of Compliance: July 2018
"HIPAA Compliance & HITRUST Common Security Framework"
In recent years, security breaches in the healthcare industry have become a lot more prevalent. The rise in data privacy violations, specifically infringements on the security of ePHIs (electronic Protected Health Information), has put millions of health records at risk. Surely, private data such as health information must always stay protected from unauthorized exposure, which is why HIPAA compliance and HITRUST CSF are so important. Digital Edge's VP of Compliance answers some key questions regarding HIPAA and HITRUST CSF!
The Equifax Effect: NYS DFS' Breach Response
The New York State Department of Financial Services (DFS) has recently issued a new regulation concerning Credit Reporting Agencies (CRA) with operations in New York, in response to the substantial data breach involving Equifax in 2017. This newly effective CRA regulation, called the “Registration Requirements and Prohibited Practices for Credit Reporting Agencies,” aims to protect New Yorkers from the possibility of data breaches by requiring credit reporting agencies to comply with the NYS DFS 500 Cybersecurity Regulations and to register with the DFS annually.
NYS DFS made this announcement on Monday, July 23rd, and the regulation will be implemented in 4 phases, the first one beginning in November. Digital Edge wants to inform all credit reporting agencies of this new requirement and offer our knowledge on DFS500 regulations. Learn more about this new regulation by reading the full article!
Digital Edge is an expert in ISO standards, and is certified by the International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on the International Standards Organization framework.
SPLA Price Increases for 2019
Microsoft SPLA Price Increases
Good Afternoon Digital Edge Customers,
We are writing to you today to inform you of changes to monthly Microsoft licenses. (The Microsoft Service Provider Licensing Agreement, or SPLA, is designed to provide customers hosted software services including web services, database services and applications.)
We received communication from Microsoft regarding the expected price changes for January 2019. Please see the information below. Once we have officially set dollar amounts, we will communicate that information as well. Please let me know if you have any questions! We want to make sure you have this information as soon as possible to give you as much time as possible to plan for these changes.
Programs Impacted – Corporate
Effective January 1, 2019, prices for the following products will increase:
- By 10% for Windows Server Standard Core
- By 15% for Windows Remote Desktop Services SAL
For more information regarding these changes, or to speak with the Digital Edge team, please contact us today!
Ask Our VP of Compliance: June 2018
"How Do Audit Findings Work?"
Many companies undergoing a certification audit spend countless hours undergoing stress and worry that their auditor will find something wrong. Will they just leave in the middle of the audit? Will they refuse to grant you certification? Will they never come back? Do they have to find something wrong? These questions run through the heads of many implementers as they await the certification audit, but it is not as bad as you fear!
Today, Digital Edge's VP of Compliance answers a few questions about how audit findings work, what nonconformities mean, and what you need to do about them:
- How do audit findings work?
- What are audit nonconformities, and what do they mean?
- What do you need to do if a nonconformity is found?
Digital Edge's Open Letter to Congress – In Response to EU's GDPR
Last Friday, May 25th, EU’s privacy law, the General Data Protection Regulation (GDPR), took effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to the EU residents. The GDPR applies no matter where you are located.
Digital Edge has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and is currently in compliance with GDPR. We are committed to GDPR compliance across our cloud services, in addition to providing GDPR related assurances in our contractual commitments.
However, Digital Edge felt it was necessary to write an open letter to Congress urging it NOT to adopt the European Union’s GDPR. While we strongly feel that the United States needs a privacy framework implemented, the GDPR model should not be mirrored.
To view this letter, which includes our justification of why Digital Edge feels this way, please click here!
Digital Edge Successfully Passed ISO 9001:2015 Audit!
On Tuesday, May 29th, Digital Edge passed the International Organization for Standardization’s (ISO) Quality Management Surveillance 1 Audit using the 9001:2015 framework! ISO is an independent, non-governmental international organization with a membership of 161 national standards bodies. ISO is credited with publishing more than 2100 international standards, covering almost every industry, from technology, to food safety, to aviation and healthcare.
Digital Edge is also certified in the ISO 27001:2013 framework for Information Security Management. ISO 27001 is a specification for an information security management system (ISMS). Digital Edge protects businesses from threats, including internet fraud, hacking, overseeing of transactions and other cyber security threats. Digital Edge guarantees our clients are receiving outstanding services.
Digital Edge is offering assistance in becoming compliant for any type of standard or certification. Our VP of Compliance is knowledgeable in ISO, DFS, NIST, HIPAA, GDPR, as well as any other standard our clients want to be compliant with. Digital Edge also sends out monthly newsletters informing clients about the most asked questions regarding compliance and any questions submitted. Check out our Compliance page on our website!
Ask Our VP of Compliance: May 2018
"GDPR"
With the General Data Protection Regulation (GDPR) legislation set to go into effect on May 25th of this year, it’s no surprise that a plethora of questions have come our way regarding this data protection regulation. Digital Edge's VP of Compliance answers the most commonly asked questions!
- What are the key benefits for this regulation?
- What is meant by ‘personal data’ under this legislation?
- How do I know if my company needs to be GDPR compliant?
- What are the penalties for non-compliance?
- Do data processors need ‘explicit’ or ‘unambiguous’ data subject consent – and what is the difference?
- What about users under the age of 16?
- How do I know if I need to appoint a Data Protection Officer (DPO)?
- Under GDPR am I required to report a data breach? If so, what is the time frame?
Digital Edge Green Policy
Author: Danielle Johnsen (VP of Compliance)
Date: 22 May 2018
Version: 2.4
This document defines Digital Edge’s Green Policy.
Are You Ready for GDPR on May 25th?
Digital Edge is always working to stay compliant, which helps make compliance easier for your business.