Data Privacy Consulting for GDPR and CCPA Compliance

For any company that collects personal information, data privacy consulting has shifted from a nice-to-have to a practical necessity, driven by overlapping regimes like the GDPR in Europe and the CCPA in California. The two laws share a goal, giving people control over their personal data, but they impose different obligations, and most growing businesses […]
How Much Does CMMC Level 2 Compliance Cost?

Helping companies become CMMC-compliant, we have learned a great deal about the options organizations have and what it actually takes to meet the 110 control requirements (over 300 control objectives) of the standard. One of the first questions every defense contractor asks is also the hardest to answer cleanly: what will this cost? The […]
How ISO 42001 Overlaps with ISO 27001 and ISO 9001

Organizations pursuing more than one ISO certification often discover the standards share far more than they expected. ISO 42001 (AI management), ISO 27001 (information security), and ISO 9001 (quality management) are all built on the same backbone, which means you can certify against all three without building three separate management systems. Why the Three Standards […]
2023 HIPAA Compliance

If you run a healthcare company and provide medical services to patients, you have access to a lot of sensitive information like medical records, test results, and personal details. It is crucial to handle this information responsibly and keep it secure. That’s where HIPAA compliance comes into play. HIPAA, the Health Insurance Portability […]
The StateRAMP Review Process

Founded in 2020, the State Risk and Authorization Management Program (StateRAMP) is a program that aims to help state and local governments in the United States manage the risks associated with using cloud services. Who does the StateRAMP Review Process apply to? If your firm is a provider with FedRAMP, it would make sense to consider StateRAMP, […]
What is an Upstream EDE Entity?

There are three categories for an upstream EDE Entity: For all upstream arrangements, the following must be observed: It’s important to note that all EDE Web Brokers, DE Technology Providers, and Hybrid Entities meet all CMS requirements for both REMEDIATION and AUDIT. This includes remaining up-to-date on all requirements applicable to Upstream EDE Entities with […]
2023 AI Bias Audit Laws

USA AI Bias Audit Laws The NY automated employment decision tools law Update as of December 15, 2022: Due to the volume of comments the NYC Department of Consumer & Worker Protection received in response to the proposed rule, Local Law 144 will not be enforced until April 15, 2023. The NY Local Law […]
Are You Ready for SWIFT ISO 20022 In November?

On July 5, 2018, an announcement was published by the Federal Reserve Board, which described the intent to adopt and migrate to the new ISO 20022 standard to replace the existing financial transaction messaging service. In response, last year SWIFT also announced a planned, formal migration to ISO 20022 MX, an established global messaging system that is […]
DUNS Has Been Replaced, Say Hello to UEI

In this article, we look at the switch from DUNS to the Federal Contractor UEI Number. Early last month, the United States federal government announced the retirement of, and discontinued its use of, the Data Universal Numbering System (known as DUNS). The DUNS was the previous primary means of identifying entities for federal contract awards. […]
PCI DSS v4.0.1: The Current Standard and What Your Organization Must Do

If your organization touches credit card data in any way, the Payment Card Industry Data Security Standard (PCI DSS) is central to how you operate. The standard underwent its first major overhaul in more than a decade with the release of v4.0, and the transition is now complete. The future-dated requirements that were once optional […]