Articles by tag "regulations"

5/28/2019 Compliance

Ask Our VP of Compliance: May 2019

Happy Birthday GDPR! On May 25th, the world will be “celebrating” the first anniversary of the EU’s General Data Protection Regulation (GDPR). Nearly one year on, have the stricter rules really made a difference? Consumers are certainly seeing more privacy pop-ups online thanks to GDPR, but the astronomical fines the regulation threatened have not yet materialized.

3/25/2019 Compliance

Only GDPR Can Cause €56 Million in Fines in Less than a Year

In just nine months there have been hundreds of thousands of cases and millions in fines.

And this is just the start.

12/19/2018 Compliance

Ask Our VP of Compliance: December 2018

IT Compliance vs. IT Security: “What’s the difference?”

There is no doubt that 2018 has become the year of IT compliance. With so many new laws taking effect, including the EU’s GDPR, California’s data privacy law, and Canada’s PIPEDA, the line between security and compliance can easily blur for IT professionals. So the question becomes: how do we build a comprehensive security program while still meeting our compliance obligations? One problem surfaces repeatedly, regardless of which regulatory standard (e.g., PCI, HIPAA, etc.) your company must meet: failing to understand the difference between compliance and security. Some organizations treat the two as one and the same, to the point that they become so consumed by complicated regulations that they stop focusing on security altogether. This month's edition of Ask Our VP of Compliance addresses the differences between IT Compliance and IT Security:

  • IT Security: Explained
  • IT Compliance: Explained
  • What Are the Differences? And Why are Both Necessary?
  • How do IT Compliance Management and IT Security Management Integrate?
  • Becoming COMPLIANT and SECURE

8/31/2018 Compliance

Ask Our VP of Compliance: August 2018

“California’s New Data Privacy Law”

California recently enacted a new data privacy law governing consumers’ rights over their personal information. Set to take effect in 2020, the law will affect companies in the digital sector that have California customers by holding them to higher privacy standards. Consumers must be given the option to opt out of sharing personal information, as well as the right to prohibit the sale of their information if they do choose to share it.

So what does this mean for businesses? Many will have to make major changes to their infrastructure in order to comply with the new California law.

Find out more as Digital Edge's VP of Compliance answers some key questions regarding this significant change to data privacy in the US.

  • Who does this law apply to?
  • What is meant by “personal information”?
  • What are the requirements for collecting data on minors?
  • How will this law be enforced?
  • Can I set up a separate homepage for California consumers?

2/12/2018 Newsletters

DFS - Certification of Compliance - Due 2/15/2018!

The New York State Department of Financial Services recently updated its web page to indicate that covered entities (for example, insurance agencies, agents and brokers) that have already submitted a Certification of Compliance need to do so again after Monday, Jan. 1, 2018.

According to the department, "The Certification of Compliance certifies that a Covered Entity complied with 23 NYCRR 500 for the entire calendar year. As such, the department only expects to receive a Certification of Compliance between January 1 and the February 15 deadline for the previous calendar year. Unless a Covered Entity is ceasing department-authorized operations before that year end, a Certification of Compliance before year end will not satisfy the requirement that a Covered Entity certify its compliance as of year-end."

The NYDFS Cybersecurity Regulation (23 NYCRR 500) requires all New York-licensed insurance agencies, agents and brokers to file a Certification of Compliance before Thursday, Feb. 15, 2018, and annually thereafter. The certification confirms that the licensed entity has complied with the regulation to the extent required, which includes conducting a risk assessment and developing a cybersecurity program and policies based on that risk assessment.

Digital Edge is an expert in ISO standards and is ISO 27001 certified for information security management. There is a clear crosswalk between the DFS regulation and the ISO standards, and Digital Edge will help implement the policies, standards and practices that cover every DFS requirement on the basis of the ISO framework.

Contact us today to explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?

1/26/2018 Newsletters

Is Your Cybersecurity Infrastructure in Compliance?

In March 2017, the New York State Department of Financial Services (DFS) issued its “Part 500” Mandatory Cybersecurity Requirements for financial services entities, requiring banks, insurers and other financial institutions to establish and maintain a “risk-based, holistic, and robust security program” designed to protect consumers’ private data. Partial exemptions are available to covered entities based on their staffing level, annual revenue or total assets.

The initial deadline for submitting the annual Certification of Compliance, February 15, 2018, is rapidly approaching, and all covered entities are required to comply with DFS Part 500 Section 9, Risk Assessment, by March 1, 2018.

9/20/2015 White Papers

Log Management Compliance - ISO 27001 - International Organization for Standardization

The ISO 27001 standard is a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS) within the context of the organization’s overall business risks.

ISO language relevant to log management: “Audit logs must be turned on for security events, user activities and exceptions. They must be kept for a predetermined period of time.” The task of organizing this information can be overwhelming. Beyond the millions of individual log entries that can be generated daily, every IT environment also produces reporting data logs. The further recommendations to analyze and report on log data make manual processes or home-grown solutions insufficient and expensive for many organizations.

9/20/2015 White Papers

Log Management Compliance - GPG 13 - Good Practice Guide 13

HMG organizations are required to follow Protective Monitoring for HMG ICT Systems, based on the Communications-Electronics Security Group’s (CESG) GPG 13, to gain access to the UK GCSX, the Government Connect Secure Extranet.

LogIT can simplify GPG 13 audits by directly addressing the control obligations the guide mandates. With the option to customize LogIT’s GPG 13-specific compliance module and reporting to your environment, our clients are empowered to build and maintain a secure compliance program. With case management, clients can efficiently conduct forensic investigations around incident response activity.

9/20/2015 White Papers

Log Management Compliance - SOX - Sarbanes-Oxley Act

SOX requires all publicly traded companies to establish and follow a framework of internal controls that supports the accountability and integrity of the financial reporting process. A vital part of meeting SOX requirements is the collection, management and analysis of log data.

9/20/2015 White Papers

Log Management Compliance - PCI DSS - Payment Card Industry Data Security Standard

The PCI DSS was created to encourage and enhance cardholder data security and to facilitate the broad adoption of consistent data security measures worldwide. It applies to all organizations that store, process and/or transmit cardholder data.