ISO/IEC 27001 is a set of international standards developed to guide information security. Its component standards, such as ISO/IEC 27001:2013, are designed to help organizations implement, maintain and continually improve an information security management system (ISMS). Compliance with ISO 27001 is not mandatory.

With enhanced information security becoming increasingly more urgent, privacy protection efforts are ramping up for many industries. One of the more recent measures to address data privacy has come from the latest California Consumer Privacy Act (CCPA) Proposition 24, also known as the California Privacy Rights Act of 2020 (CPRA).

2020 was a lot of things. Unexpected. Tough. Frightening. Frantic. It was also revealing. Most CIOs were asked to enable ways of working and doing business that they had not considered necessary before. Others had maybe always known such moves were wise, but had never been able to dedicate the time, resource or budget to such endeavours. Or, ironically, had never been able to prove the business case. Either way, too many were caught under-prepared.

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law designed to protect individual privacy by establishing national standards for maintaining sensitive patient health information and medical records. HIPAA compliance rules incorporate requirements from several other legislative acts, including the Public Health Service Act and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

If you are running a user-facing web application, you likely implement some form of authentication flow to allow users to log in securely. You may even use multiple systems and methods for different purposes or separate groups of users. For example, employees might use OAuth-based authentication managed by a company-provided Google account to log in to internal services while customers can use a username and password system or their own Google credentials.

Making sure your environment is compliant with regulatory requirements can be a challenge. No matter your company’s size or industry, ensuring you have the required security controls is never a set-it-and-forget-it process. With your IT environment, your user base and the threat landscape evolving all the time, you have to adjust constantly. Indeed, with so much to keep track of, even your best efforts at keeping your company compliant can fall short, unless you have help.

Technology plays a crucial role in the operation of today’s healthcare service organization. Many hospitals are increasing use of modern technologies like mobile computing and cloud services to improve care delivery, resulting in far-reaching impact for doctors and administrators. At the same time, the current COVID-19 pandemic has disrupted almost every aspect of life. The situation has accelerated the adoption of virtual care to stay relevant during the pandemic.

Many of our customers rely on the Amazon Web Services (AWS) Well-Architected Framework as a guide to build safe, secure, and performant applications in the cloud. AWS offers the Well-Architected Review (WAR) Tool as a centralized way to track and trend adherence to Well-Architected best practices. It allows users to define workloads and answer a set of questions regarding operational excellence, security, reliability, performance efficiency, and cost optimization.

We’re happy to announce that we’ve successfully completed PCI (Payment Card Industry Data Security Standard) Service Provider Certification. This means that at Logit.io we are committed to the security of storing, processing and transmitting credit card transactions.