Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our August 2020 roundup of compliance news from around the United States, and around the world.
During an internal International Organization for Standardization (ISO) audit, your company assesses its quality management system (QMS) to determine if it complies with ISO 9001. Companies use the ISO 9001 standard to demonstrate that they can consistently provide products and services that meet customer needs and regulatory requirements. Organizations also use ISO 9001 to demonstrate that they are continually improving their products, services, and processes.
Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment.
If your company is a service organization and your customers trust you with their data, you may need to pass a SOC 2 (System and Organization Controls 2) audit. Compliance and certification are the goals of a SOC 2 audit. Because the integrity, confidentiality, and privacy of your customers’ data are on the line, they’ll want you to prove that you have the internal controls in place to protect that data. The SOC 2 compliance audit gives them that assurance.
For organizations that manufacture any type of product, overall quality and customer satisfaction are extremely critical. This is particularly important for companies that manufacture complex products, such as vehicles or medical devices. Note that vehicle manufacturers, particularly in the United States but also in other countries, have established their own quality standards for third party suppliers.
Cybersecurity risk management is the practice of prioritizing cybersecurity defensive measures based on the potential adverse impact of the threats they're designed to address. Establishing a risk management approach to cybersecurity investment acknowledges that no organization can completely eliminate every system vulnerability or block every cyber-attack.
The Cybersecurity Maturity Model Certification (CMMC), drafted by the Department of Defense (DoD), is a new standard set to enhance supply chain security and augment the NIST SP 800-171—Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations. A key difference between the NIST SP 800-171 and a CMMC is the removal of a self-attestation component in favor of a third-party assessor model.
Every company that uses computers and the Internet should be concerned about information security and particularly, network security. The number of threats each company faces is growing every day. Whether it’s SPAM, malware, spyware, phishing or virus threats or users who walk out the door with proprietary information or sensitive data, the threat and risks are potentially damaging and costly for that company.
In a world where customers gravitate towards the best products and services, upholding high levels of quality as a business is a no-brainer. Being quality-centric in all your business processes ensures you can steer away from common errors. It can also improve your overall productivity as well as improve your customer retention rates. While there are various standards you can follow to improve the quality of your daily operations, the ISO 9000 standard remains to be one of the best. Even better, it is recognized globally, which could make it easier to do business the world over. The ISO 9000 family consists of five standards.
Compliance with the Sarbanes-Oxley Act of 2002 is a legally mandated must for all U.S. public companies and some other entities, as well. But meeting the requirements of this important law can be incredibly difficult. Preparing for a SOX compliance audit requires so much work that companies often designate entire teams full-time to the task. The law is that complex.
