In today’s complex regulatory landscape, organizations often face overlapping compliance demands. SOC 2, governed by the American Institute of Certified Public Accountants (AICPA), evaluates controls related to the Trust Services Criteria (TSC). ISO (International Organization for Standardization) 27001, on the other hand, is an international standard for establishing, implementing, and...
In today’s digital landscape, the terms Information Technology, Information Security, and Compliance are often used interchangeably, but they shouldn’t be. While all three play essential roles in protecting and supporting an organization, each discipline has its own focus, priorities, and responsibilities. Understanding where they overlap, where they differ, and why...
The Employee Retirement Income Security Act of 1974 (ERISA) is a federal law that establishes minimum protection requirements for retirement and health insurance plans established voluntarily by private industries nationwide. Plans covered by ERISA often hold substantial monetary assets and maintain personal data on participants. As you can imagine, this...
You’ve implemented firewalls, antivirus software, multi-factor authentication, and backup protocols. You’ve trained your staff. You’ve followed the frameworks. On paper, your cybersecurity program looks solid. But here’s the hard truth: unless you test your controls, you’re operating on assumptions. Too often, companies invest in security tools and policies without verifying...
It’s hard to believe that PCI DSS v4 (now 4.0.1) has already been out for three years. The standard was officially released to the public on March 31, 2022. With it came a transition period to allow organizations time to prepare for the new requirements. Over the past three years,...
The European Union’s Digital Operational Resilience Act (DORA) officially went into effect on January 17, 2025, marking a significant step in strengthening the IT security and operational resilience of financial institutions. This regulation sets a new standard for banks, insurance companies, investment firms, and other financial entities, ensuring they can...
Data Privacy can be best defined as the protection of personal data from those who should not have access to it and the ability of individuals to determine who can access their personal information. AI’s Impact on Informational Privacy The use of Artificial Intelligence (AI) has become widespread and almost...
As organizations operate and grow, so too does the amount of data that they’re responsible for. Properly managing and safeguarding organizational and customer data can help ensure compliance with GDPR, CCPA, GLBA, and regional laws. Failure to implement and maintain secure data practices can lead to significant fines, legal action,...
Insider threats pose a significant risk to organizations, involving individuals with access to critical systems and data. These threats can come from malicious insiders intent on causing harm, careless employees who unknowingly compromise security, or those whose credentials have been stolen by external attackers. Unlike external threats, insider attacks can...
A SOC 3 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 21, focuses on a service organization’s controls that are likely relevant to examining a user entity’s (customer’s) service commitments and system requirements. SOC 3 reports cover a service organization’s security, availability, processing integrity, confidentiality, and...
Based on Verizon’s 2024 Data Breach Investigations Report, the public administration, finance, professional, manufacturing, and education industries are the most popular targets for cyber criminals. The most common attacks occur through ransomware, phishing emails, desktop sharing, virtual private networks, and web applications. All of which have led to an increased...
The European Union’s General Data Protection Regulation (GDPR) sets a high standard in the world of global data privacy and security. Known for its strict requirements and robust enforcement, the GDPR poses a considerable challenge for companies within its reach. However, for businesses planning to expand into the United States,...