2023 HIPAA Compliance
If you are running a healthcare company and providing medical services to patients, you have access to a lot of sensitive information like medical records, test results, and personal details. It is crucial to handle this information responsibly and keep it secure. That’s where HIPAA compliance comes into play. HIPAA, the Health Insurance Portability […]
The StateRAMP Review Process
Founded in 2020, the State Risk and Authorization Management Program (StateRAMP) is a program that aims to help state and local governments in the United States manage the risks associated with using cloud services. Who does StateRAMP Review Process apply to? If your firm is a provider with FedRAMP, it would make sense to consider StateRAMP, […]
What is an Upstream EDE Entity?
There are three categories for an upstream EDE Entity: For all upstream arrangements, the following must be observed: It’s important to note that all EDE Web Brokers, DE Technology Providers, and Hybrid Entities meet all CMS requirements for both REMEDIATION and AUDIT. This includes remaining up-to-date on all requirements applicable to Upstream EDE Entities with […]
2023 AI Bias Audit Laws
USA AI Bias Audit Laws The NY automated employment decision tools law Update as of December 15, 2022: Due to the volume of comments the NYC Department of Consumer & Worker Protection received in response to the proposed rule, Local Law 144 will not be enforced until April 15, 2023. The NY Local Law […]
Are You Ready for SWIFT ISO 20022 In November?
On July 5, 2018, an announcement was published by the Federal Reserve Board, which described the intent to adopt and migrate to the new ISO 20022 standard to replace the existing financial transaction messaging service. In response, last year SWIFT also announced a planned, formal migration to ISO 20022 MX, an established global messaging system that is […]
DUNS Has Been Replaced, Say Hello to UEI
In this article, we look at the switch from DUNS to the Federal Contractor UEI Number. Early last month, the United States federal government announced the retirement of the Data Universal Numbering Systems (known as DUNS) and discontinued its use. The DUNS was the previous primary means of identifying entities for federal contract awards. […]
PCI DSS v4.0 is being released NOW – What is known about the newest version?
If your organization is involved with credit card processing in any way, the PCI DSS (Payment Card Industry Data Security Standard) is integral to your daily operations. The current PCI DSS v3.2.1 contains 12 Requirements within 6 goals, which entail approximately 400 Control Items. In 2019, the PCI Security Standards Council conducted a formal Request for Comment (RFC) […]
CMMC 2.0 – Extended-Release Dates Among Rule-Making Delays
In this article, we look at factors affecting DoD CMMC 2.0 Release Date. Since its initial release in the fall of 2021, the original CMMC model (now referred to as CMMC 1.0) received pushback from smaller and medium-scale corporations who vocalized their opinion that a self-assessment should serve as appropriate for operators who are not […]
Is your Financial Institution aware of the FTC’s Final Rule Implemented in January 2022?
In October of last year, in an effort to strengthen data security measures, the Federal Trade Commission (“FTC”) announced that there were plans to implement important updates in an effort to rejuvenate and modernize what is known as the Standards for Safeguarding Customer Information (“Safeguards Rule”). The Safeguards Rule provides a guideline for businesses to have information security processes in practice […]
CMMC 2.0 Update – What Do These Changes Mean for Your Organization?
CMMC 2.0 Update Three major changes were announced for CMMC: fewer security tiers, new level definitions and requirements, and allowance for “Plan of Action & Milestone” reports. Learn more about the DoD’s major changes to the CMMC program. Like everyone else in the world of federal compliance, we’ve been closely tracking the Cybersecurity Maturity Model Certification […]