All Articles

Last Friday, May 25th, EU’s privacy law, the General Data Protection Regulation (GDPR), took effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to the EU residents. The GDPR applies no matter where you are located.

Digital Edge has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and is currently in compliance with GDPR. We are committed to GDPR compliance across our cloud services, in addition to providing GDPR related assurances in our contractual commitments.

However, Digital Edge felt it was necessary to write an open letter to Congress urging NOT to adopt the European Union’s GDPR. While we strongly feel that the United States needs a privacy framework implemented, the GDPR model should not be mirrored. 

To view this letter, which includes our justification of why Digital Edge feels this way, please click here!

On Tuesday, May 29th, Digital Edge passed the International Organization for Standardization’s (ISO) Quality Management Surveillance 1 Audit using the 9001:2015 framework! ISO is an independent, non-governmental international organization with a membership of 161 national standard bodies. ISO is credited for publishing more than 2100 international standards, covering almost every industry, from technology, to food safety, to aviation and healthcare.
 
Digital Edge is also certified in the ISO 27001:2013 framework for Information Security Management. The ISO 27001 is a specification for an information security management system (ISMS). Digital Edge protects businesses from threats, including internet fraud, hacking, overseeing of transactions and other cyber security threats. Digital Edge guarantees our clients are receiving outstanding services. 
 
Digital Edge is offering assistance in becoming compliant for any type of standard or certification. Our VP of Compliance is knowledgeable in ISO, DFS, NIST, HIPPA, GDPR, as well as any other standard our clients want to be compliant with. Digital Edge also sends out monthly newsletters informing them about most asked questions regarding compliance and any questions submitted. Check out our Compliance page on our website!
 

"GDPR"

With the General Data Protection Regulation (GDPR) legislation set to go into effect on May 25th of this year, it’s no surprise that there has been a plethora of questions come our way regarding this data protection regulations. Digital Edge's VP of Compliance answers the most commonly asked questions! 

• What are the key benefits for this regulation? 
• What is meant by ‘personal data’ under this legislation?
• How do I now if my company needs to be GDPR compliant?
• What are the penalties for non-compliance?
• Do data processors need ‘explicit’ or ‘unambiguous’ data subject consent – and what is the difference?
• What about users under the age of 16?
• How do I know if I need to appoint a Data Protection Officer (DPO)?
• Under GDPR am I required to report a data breach? If so, what is the time frame? 

Author: Danielle Johnsen (VP of Compliance)
Date: 22 May 2018
Version: 2.4

This document defines Digital Edge’s Green Policy.

Digital Edge is always working to stay compliant, which helps make compliance easier for your business.

Author: Danielle Johnsen (VP of Compliance)
Date: 21 May 2018
Version: 1.1

This document defines Digital Edge’s policy on General Data Protection Regulation of European Union and is based and principles.

A small collage of the DE team throughout the years at our own events!

Or one may say Compliance Driven IT organization. As in the core of any today’s compliance lays Risk Management.

This article explains how to setup Risk Management practices for Cyber Security management. When it comes to Cyber Securty it's best to prepare for the worst-case scenario. It'll guide you on how to find ways to identify threats, face them and prepare to defend your business as well as give you templates to download to start your own risk management practice!

"The best garison is not the one that has lots of weapons but the one who has lot training."  

-M. Petrov CEO

We have a hard working team that devotes their time, energy and dedication to our clients, partners and projects. We couldn't be more proud of our crew in action!

"DFS"

Last month, many New York State Financial Institutions received their scary “Failure to File Certification of Compliance” email and were perplexed by what to do next… Don’t fear, the Digital Edge's VP of Compliance is here to answer your many many submitted questions regarding NYS Department of Financial Services Part 500 Mandatory Cybersecurity Requirements! These are the questions for this month:

• I thought I was exempt and now I’m being notified that I’m PAST DUE, what do I do next?
• Where do I find a sample Certificate of Compliance? Do I have to create my own?
• What does Entity ID mean on the portal?
• Should I file this certificate if we are not yet in compliance with all applicable requirements of Part 500?
• This law requires me to report any cyber-security breach, is there a particular time frame?
• Are all Third-Party Service Providers required to implement Multi-Factor Authentication and encryption when dealing with a Covered Entity?
• What constitutes "continuous monitoring" for purposes of 23 NYCRR 500.05?