Most organizations tend to focus on becoming compliant rather than being secure. And while meeting client requirements and industry regulations is very important, it does not necessarily guarantee that your organization is secure. If your entire information security program is based on “What must we do to be compliant?”, you’re probably missing some major holes … Read more
An information security program is a critical component of any organization regardless of the size of your business or the industry you’re in. A good information security program consists of a comprehensive set of information security policies and procedures, which is the cornerstone to any information security program. Whether you’re responsible for protected health information … Read more
Debt Collection and Audits for Collection Agencies Debt collection agencies with sensitive data need to know how PCI, FISMA, SSAE 16/SOC 1, and SOC 2 apply to them. If you’re performing collections, you’re no stranger to regulatory compliance and the proactive supervision of government agencies such as the Federal Trade Commission (FTC), the Consumer Financial … Read more
It’s important to analyze and fully understand the areas of risk as the CFPB continues to closely supervise the collections environment and call monitoring compliance. One of the biggest risks to a collection agency is communication with consumers, making the monitoring of calls a very telling practice. An effective call monitoring program is a critical … Read more
If you’re a shared hosting provider or a business using shared hosting, understanding the Payment Card Industry Data Security Standard (PCI DSS) requirements for shared hosting providers is vital to maintaining compliance and protecting sensitive data. In this guide, we’ll summarize insights on PCI Data Security Standard Requirements 1 and 2 and common compliance gaps. … Read more
Meeting PCI DSS requirements starts with understanding where your organization stands today. That’s where a PCI DSS gap analysis comes in. It’s a diagnostic process that pinpoints which controls are already in place, which ones are missing, and what actions are needed to achieve full compliance. If your organization stores, processes, or transmits payment card … Read more
In light of the recent news of the data breach at Anthem Blue Cross/Blue Shield, risk assessment is our theme today. We welcome this guest post from our partner, KirkpatrickPrice…. Performing a Risk Assessment is a critical component of any Information Security Program. It’s mandated by several frameworks (SSAE 16, SOC 2, PCI DSS, … Read more
