Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

To operate legally and ethically, every company, no matter the size or type of organization, must be aware of the laws, regulations, and industry standards that govern them. Though many businesses may view regulatory compliance as a burden, it does not have to be this way. The benefits of following these rules greatly outweigh the consequences. Organizations can ensure the safety and well-being of their employees, customers, and the general public by following these regulations.

Getting compliant can be a time-consuming and tedious process when done manually. That’s why thousands of businesses use Vanta to automate up to 90% of the work needed to comply with security and privacy frameworks. ‍ Why do companies choose Vanta? They’re looking to unlock business growth and expand into new markets or larger accounts, streamline their compliance processes, and strengthen their security posture to earn trust with stakeholders.

General Data Protection Regulation (GDPR) is a framework for data protection that gives strict obligations for organizations within the European Union. For many businesses, understanding and implementing GDPR vendor management is a daunting task. That’s why we are going to break down what GDPR vendor management is, who is involved in it, and what the requirements are.

Many data breaches start with a compromised account from one of a company’s employees. Jérôme Berloty and Benjamin Netter decided to build a product based on that fact and launched Riot in 2020. ‍ Based in Paris, France, Riot combines learning modules and phishing simulations to raise cyber awareness and solve compliance needs. The courses are chat-based, five minutes long, and immersive and interactive, making learning more entertaining. ‍

Penn State University is in hot water again for legal and compliance violations. This time, the activities in question are related to the university’s claim to be compliant under NIST SP 800-171, as required by Executive Order 13556 (2019). As a contractor and partner of the U.S. Government, Penn State is required to implement a minimum set of security controls around Controlled Unclassified Information (CUI) it collects, creates, or handles as part of its partnership with the government.

With the advent of the Digital Personal Data Protection Act (DPDP Act) in 2023, India has taken a significant step towards safeguarding the rights of individuals, termed as ‘Data Principals’, over their personal data. This blog post aims to shed light on the rights and protections offered to Data Principals under the DPDP Act, a landmark legislation that is reshaping the landscape of data privacy in India.

Businesses with Indian customers or those accessible to Indian citizens, take note! The Digital Personal Data Protection Act (DPDP) has been passed in India. This new law, approved by the president on August 11, 2023, dictates how organizations handle personal data. The DPDP Act is not yet enforceable as the Data Protection Board of India is still being established.

Today we’re thrilled to announce that Vanta’s Role-Based Access Control (RBAC) functionality has gotten even stronger with new capabilities, including: ‍ ‍ These expanded RBAC capabilities are now generally available and demonstrate Vanta’s continued commitment to supporting the needs of larger, more advanced organizations through additional customization and flexibility across our platform. ‍

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month. NEW: Prove the ROI of your security and privacy investments with TrustCloud Business Intelligence (BI) TrustCloud Business Intelligence is here! Now, you can see and share key results from across your compliance, risk management, and sales acceleration programs to showcase ROI, prove value, plan your resources, and easily align with stakeholders.