The EU Cyber Solidarity Act is a new initiative that follows the European Union's latest efforts to build stronger cyber defenses against evolving cybersecurity threats. This legislation introduces a new strategy for enhanced cooperation between EU member states and focuses on how EU nations can better prepare and respond to cyber incidents.

Vendor risk assessments are critical for any organization that relies on third-party vendors. Third-party risk can negatively affect an organization’s security, compliance, and performance, resulting in devasting security breaches or disruptions in its supply chain that halt business operations. Organizations use vendor risk assessments to evaluate and manage third-party vendor risks associated with outsourcing business operations or procuring goods from external suppliers.

Montana Governor Greg Gianforte signed Senate Bill 384, the Montana Consumer Data Privacy Act (MTCDPA), on May 19, 2023. The consumer privacy law will become effective on October 1, 2024, and requires covered entities that process personal data to comply with several transparency and disclosure obligations. The MTCDPA follows the structure and scope of other US state data privacy laws, including the California Consumer Privacy Act, Tennessee Information Protection Act, and Colorado Privacy Act.

Tennessee Governor Bill Lee passed the Tennessee Information Protection Act (TIPA) on May 11, 2023. TIPA becomes effective on July 1, 2025, and groups Tennessee with California, Colorado, Virginia, and other states that have published their own data privacy law while waiting for a comprehensive federal law from the U.S. Government.

Security questionnaires represent the cornerstone of most third-party risk management (TPRM) programs. They allow organizations to responsibly appraise a vendor's security posture before they move forward with onboarding and grant the vendor access to internal systems and data. Nevertheless, most security teams feel burdened by time-consuming and lengthy security questionnaires, especially when faced with additional resource and staffing limitations.

A Vendor Risk Management framework is the skeleton of your VRM program. Without it, your Vendor Risk Management program will collapse under a heavy burden of inefficient processes. This post outlines the anatomy of an effective VRM framework to help you seamlessly manage security risks in your third-party network.

A Vendor Risk Assessment (also referred to as a third-party risk assessment) is a critical component of a Vendor Risk Management program. As such, the overall impact of your VRM efforts hangs on the efficiency of your vendor risk assessment workflow. This post outlines a framework for implementing a streamlined vendor risk assessment process to prevent potential data breach-causing third-party security risks from falling through the cracks.

As digital transformation continues to multiply pathways to personal data, complete GDPR compliance is getting harder to attain. Whether you’re a data protection officer or a cybersecurity professional helping your organization remain compliant, this blog suggests advanced GDPR compliance strategies you may not have yet considered - beyond that delightful cookie consent notice we all love.

Telehealth or telemedicine is one of the most common ways of providing healthcare services in the EU, with nearly 77% of countries adopting some type of telehealth service. Countries like Norway, Sweden, Denmark, and Italy are considered some of the world’s leaders in providing telehealth services. Following the COVID-19 pandemic, telehealth became widely adopted across Europe, with many countries participating in cross-border collaboration.

Organizations commonly rely on third parties such as vendors, suppliers, and other business partners to handle critical operations. While third-party relationships can provide many benefits, they also introduce a range of risks that can threaten data security, compliance, and business continuity. Therefore, it's crucial to recognize and manage these risks with a robust Third-Party Risk Management policy.