Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent much of the last decade catching up with the implications of cloud services.

In November 2021, the U.S. Department of Defense significantly updated its Cybersecurity Maturity Model Certification (CMMC) framework to incorporate new cybersecurity requirements for DoD contractors. In particular, CMMC 2.0 Level 1 (Foundational) contractors must now perform annual self-assessments, and Level 2 (Advanced) contractors must perform annual self-assessments for selected programs.

Cyber security is an important aspect and an integral part of any online business. The layperson has little idea of what threats exist and how to protect against them. And yet, if you own a business you are almost definitely vulnerable to cyber security threats. You don’t need to be a Fortune 500 company to protect against them. By knowing what to do, you can keep your data secure and avoid breaches.

In today’s world where information security is fundamental to businesses to protect their systems, network and data, compliance to ISO 27001 is crucial. ISO 27001 is an internationally recognised set of standards that helps organisations manage their information security by establishing, implementing, and maintaining an information security management system (ISMS).

Broadly speaking, an information security program is a set of activities and initiatives that support a company’s information technology while protecting the security of business data and enabling the company to accomplish its business objectives. An information security program safeguards the proprietary information of the business and its customers. The Gramm-Leach-Bliley Act (GLBA) has a more specific definition of what a security information program should entail.

When a leading financial technology provider began posting record success and rapid customer growth, it needed a holistic security strategy to protect its customer data and comply with regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and the California Consumer Privacy Act (CCPA).

It’s 3pm on a Wednesday, and you’re really just done with the week already. You hear that “ping” from your Slack and know that you set notifications for direct messages only, which means, ugh, you have to pay attention to this one. It’s your boss, and she’s telling you to check your email. Then you see it, the dreaded audit documentation request. This will take you the rest of today and most of tomorrow.

Cyber security risks have never been more apparent and costly. According to the survey data, the average cost to the U.S. organizations that experienced a cybersecurity breach in 2020 was approximately 8.64 million dollars per incident, up almost a half-million dollars from 2019. Rates of cyber security attacks and identity theft have significantly increased and seem to be only becoming easier for hackers and cybercriminals.

Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK the Companies Act 2006 is the main legislation that forms the primary source of company law and businesses of all sizes must ensure they adhere to it to remain compliant.

The Gramm-Leach-Bliley Act (GLBA) aims to protect consumer financial privacy with three provisions: the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Provisions. In our previous post, we covered the GLBA Financial Privacy Rule and what financial institutions, as defined by the GLBA, need to know to be compliant.