While keeping data safe from modern cyberthreats is difficult enough, you also have to keep in mind compliance with common regulations, i.e., ensuring your company’s compliance to SOX, which deals with transparency in disclosures from public companies. Nowadays, it’s not enough for businesses to rely on dismissive financial documents that satisfy the intermittent audit; you need to level up your game, and create detailed day-to-day records of activities.

Passing an audit is hard — whether you’re in retail, healthcare, finance, or honestly, any industry that values security. Most organizations these days are faced with regulatory standards that must be enforced, which bring both technical and business challenges that are difficult to overcome.

FIPS 140-2 is a set of publicly announced cryptographic standards developed by the National Institute of Standards and Technology. It is an essential part of FEDRamp requirements for many governmental agencies in the US and Canada, as well as their business partners from all around the world. Furthermore, as a well established and verified security standard, an increasing number of large companies and financial institutions are asking for FIPS compliance.

With the implementation of electronic health records (EHRs) into practices, patient experience has improved, among other advancements at the point of care. These include better access to patient records and highly efficient care delivery. While these are some significant benefits, some practices experience certain drawbacks too, such as temporary slowdown of processes during EHR transition and high ongoing maintenance costs. One of the most pressing issues include patient record retention.

As compliance managers, we often find ourselves in a struggle. Our responsibility is to uphold compliance standards but in order to achieve this, we need to “sell” the concept to the relevant stakeholders, inter alia the business teams and R&D. We’re put in the position of justifying required changes and processes and are thus mistakenly perceived as business “stoppers” and not enablers.

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

When an organization is ready to deploy a new solution, or build a new system, there is often a continuing discussion about the relative merits of using the cloud versus deploying on-premises. While there are a number of aspects that play into this decision, it is not always clear which is the better solution for security and compliance. Typically, deployment issues are not clear because security and compliance solutions quickly change when you are using shared vs. dedicated environments.

Here's how an agreement between Japan and the European Union will impact the safety of data transfer.