If your organization has been working towards NIST 800-171 and is now on the journey to achieve CMMC 2.0 (the Cybersecurity Maturity Model Certification), it can be difficult to understand what you’ve already achieved and what’s left to do. Both standards are intended to reduce threats and strengthen cybersecurity for sensitive government data. Here are some details on how they relate to each other and what’s involved in taking the next steps toward CMMC compliance.
Veritas’ latest version of Enterprise Vault (EV) has been available for almost a year now. EV12 offers the latest features that companies require to ensure effective implementation of their archiving and discovery strategies. The six listed here are particularly noteworthy:
Healthcare providers today are continuing to rely more and more on the efficiencies of the public cloud to store, send, and manage sensitive data. But it’s challenging to leverage the benefits of the cloud while managing the increasing complexity of healthcare security, compliance and regulatory demands.
That’s where HITRUST comes in. The HITRUST Certification is the most widely recognized security accreditation in the healthcare industry. HITRUST incorporates healthcare-specific security, privacy and regulatory requirements from existing regulations such as HIPAA/HITECH, PCI, ISO 27001 and MARS-E as well as industry best practices. Microsoft has recently announced that Azure is one of the first hyperscale cloud computing platforms to become HITRUST CSF Certified. It’s a valuable addition to Azure, providing a single framework for healthcare organizations to leverage the efficiencies, availability, and scalability that Azure provides.
In December 2015, the electronic discovery provisions of the Federal Rules of Civil Procedure (FRCP) were amended to substantially expand the Safe Harbor against sanctions for destruction of electronic data. In my November 2015 white paper, C-Level Guide to Covering Your Information Governance Assets, I predicted that the amended rules signaled a pivot away from one of the main sources of eDiscovery uncertainty - the inconsistent imposition of severe sanctions for the loss of electronically stored information relevant to dispute resolution. The prediction holds.
Given the great highs and lows experienced by financial institutions over the past 10 years, there’s no doubt that today’s industry is highly resilient.
The same is also true for the industry’s IT teams. In the past, IT has been routinely asked to navigate everything from mergers & acquisitions to sophisticated security threats and emergent application demands from a fast-growing segment of mobile consumers.
By Bruce Hall, Director of Managed Services
Have you heard about SOC 2 and SOC 3 validation? If you’re storing data in the cloud (or considering it), it’s a business imperative. We’ve recently completed a Service Organization Control 2 (SOC 2) and Control 3 (SOC 3) validation process. While we’re proud of our achievement, it’s important to explain what this means for our customers. When researching an enterprise cloud or managed service solution, it’s essential to not only check for compliance with SOC 2 and SOC 3, but also to review the actual report. Prospective service providers should be more than willing to share their report.
Author: Ned Fairweather, Senior Consultant
Author: Sean Gilbride, Director of Professional Services Operations
Author: Joseph Correia, Principal Consultant
Author: Brenden Doyle, Senior Consultant