Compliance & Regulation

The Risk Management Framework (RMF) is a set of criteria that dictate how the United States government IT systems must be architected, secured, and monitored.  Originally developed by the Department...

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across DoD contractors. It is a new framework for ensuring that the more than 300,000 companies in...

No. That’s the answer in their FAQ. Out-of-the-box Office 365 is not HIPAA compliant, and you need to take the appropriate steps to ensure your organization stays compliant. As the...

HIPAA fines cost ten companies $28.7 million in 2018, which broke the previous 2016 record for HIPAA fines by 22%! That’s only 10 HIPAA cases resolved out of 25,912 complaints...

It’s 2020, do you know where your data is?  If you answered yes to that rhetorical question, you have a decent grasp of data governance. If not, it’s time to...

Happy 2020!  The New Year brings Californians under the California Consumer Privacy Act (CCPA). CA consumers can ask state-based companies for all relevant data, and to request that companies delete...

Contrary to conventional wisdom, the US does indeed have data privacy laws. True, there isn’t a central federal level privacy law, like the EU’s GDPR. There are instead several vertically-focused...

For anyone who’s spent time looking at data security laws and regulations, you can’t help but come across the words “reasonable security”, or its close cousin “appropriate security”.  You can...

The California Consumer Privacy Act (CCPA) is “the first consumer privacy act in the country,” as one California legislator put it.  No other US state has provided its citizens with  GDPR-like...

If you’ve been following the blog, you know that the California Consumer Privacy Act, or CCPA, is set to take effect on January 1, 2020. It will establish a new...