4 Things You Need to Know About SOC 2 Compliance

Compliance isn’t as simple as a connect-the-dots exercise. When you consider how fast companies are moving to and expanding in the cloud, and then take into account the proliferation of cloud-based security threats, compliance can be a little dizzying. We’re here to break down the complexities of compliance requirements for you, starting with SOC 2.

SOC 2 is one of the more common compliance requirements technology companies must meet today. But what does SOC 2 compliance mean, and how can you go about achieving it? In this post, we break down the four most important things you need to know. Read more “4 Things You Need to Know About SOC 2 Compliance”

HIPAA Compliance Checklist

Any organization that has access to electronic Protected Health Information (ePHI) must comply with HIPAA. If your organization needs to be compliant, this isn’t something you can delay or phase in gradually because failure to meet HIPAA compliance can carry steep penalties. (On the positive side, becoming HIPAA compliant can be a tremendous business driver if you’re interested in starting a company, entering a new market, attracting new customers, or reducing the time it takes to obtain approvals.) Read more “HIPAA Compliance Checklist”

How to Address PCI DSS Requirement 6.6 — A Two-For-One Solution From Threat Stack

The current version of the PCI DSS is 3.2.1, published in May 2018. Requirement 6 states that you must “Develop and maintain secure systems and applications.”  Sure, no problem. That’s totally clear and straightforward — at least for anyone who’s never tried to develop and maintain secure systems and applications! For the rest of us, that’s a tall order.  Read more “How to Address PCI DSS Requirement 6.6 — A Two-For-One Solution From Threat Stack”

50 Valuable PCI Compliance Tips

The Payment Card Industry Data Security Standards (PCI DSS) provides a rigorous security framework and best practices for businesses that store, transmit, or process credit card information. 

The PCI DSS is a set of technical and operational requirements that govern modern payment processing. Businesses and organizations in the payments industry must achieve and maintain compliance, or they may become liable to consequences that include increased risk of data breaches, damage to brand reputation, heavy fines, and other sanctions. 

With more companies using cloud computing than ever before, PCI compliance in the cloud — such as AWS PCI Compliance — is a growing need. Companies can reduce their risk and streamline compliance by leveraging the right tools. Platforms such as Threat Stack’s Cloud Security Platform®, which offers continuous cloud compliance, can strengthen your organization’s security posture and build compliance into your technology stack to help you meet PCI DSS requirements as well as compliance requirements for other regulatory frameworks. 

To help as you embark on the journey to PCI compliance, we have compiled a list of 50 PCI compliance tips from payment security experts and thought leaders. To make the list manageable, we have divided the tips and quotes into the following five categories: Read more “50 Valuable PCI Compliance Tips”

How Stratasan Addresses Its Growing Security & Compliance Needs for Healthcare IT and Services Using Threat Stack

Stratasan provides web-based software and professional services that are designed to help healthcare organizations maximize strategic growth through convenient access to useful information on healthcare markets. Healthcare providers, specifically hospitals and hospital systems, struggle to discover the best opportunities in their market for strategic growth, find the right patient populations in their service area, and track their performance and progress against their strategic growth goals. 

By delivering intelligence through proprietary web-based software and a team of seasoned healthcare professionals, Stratasan establishes a foundation for growth in strategic planning, marketing, physician relations, and expansion. Partnering with nearly 1,000 hospitals across 40 states, Stratasan helps them achieve efficiency and effectiveness in their strategic planning initiatives. 

This blog post outlines how Stratasan uses Threat Stack to gain the visibility, multiple tiers of monitoring, and auditable data, it needs to address its growing security and compliance needs. Read more “How Stratasan Addresses Its Growing Security & Compliance Needs for Healthcare IT and Services Using Threat Stack”

PCI Compliance Checklist

PCI DSS stands for Payment Card Industry Data Security Standard. These standards are in place to help businesses protect themselves and their customers by outlining how sensitive personal information, like credit card data, gets stored. If you process payments using debit or credit cards, you must meet PCI DSS, or you might be fined or have your ability to process cards revoked altogether.  Read more “PCI Compliance Checklist”

How SaaS Companies Can Build a Compliance Roadmap

Meeting compliance requirements can be a challenge, but it can also open up new markets, speed your sales process, and improve your company’s overall security posture. When it comes to improving your security maturity, compliance can be a useful part of your strategy.

Whether you’re targeting specific industry verticals or going after international customers, entering new markets requires continuous education about the latest in compliance and regulatory standards as they relate to data privacy and security. With that in mind, this post takes a brief look at key standards in order to give you insights into the security and privacy requirements that may be pertinent to the way your SaaS company engages with prospects and customers and handles sensitive data. Read more “How SaaS Companies Can Build a Compliance Roadmap”

Ensuring Compliance With EU Payment Services Directive (PSD2)

September 14, 2019 is the deadline by which all payment service providers within the European Union must comply with PSD2’s Regulatory Technical Standard (RTS) pertaining to the requirements of the revised Payment Services Directive (PSD2). In this post, we cover some of the main issues related to PSD2’s purpose, how to determine whether it applies to you, and key requirements for compliance and security. Read more “Ensuring Compliance With EU Payment Services Directive (PSD2)”

AWS GDPR: What You Need to Know

In May 2018, the General Data Protection Regulation became enforceable. While it is largely a European Union regulation, you are still covered by it if you store or process personal information of EU citizens.

If you use Amazon Web Services, you already know about many of the common security issues that can arise if you’re not on top of your game. But GDPR opens the door to a whole new set of security concerns and potential pitfalls, even for companies that aren’t based in the EU. Fortunately, AWS has taken steps to achieve GDPR compliance, but since it operates using a shared responsibility model, that means you’re on the hook for compliance, as well. With Threat Stack, you can secure your AWS infrastructure and uphold your end of the shared responsibility arrangement without slowing down DevOps. In addition, our intrusion detection platform helps you meet GDPR compliance obligations by helping you achieve observability throughout your infrastructure.

In this post, we discuss the steps AWS has taken to ensure GDPR compliance and what you can do to guarantee that your own infrastructure or system is likewise compliant. Read more “AWS GDPR: What You Need to Know”

Data Privacy is in the Spotlight as Colorado Enacts Landmark Consumer Data Privacy Bill (PCDP)

Introduction

— by Lindsey Ullian, Threat Stack Compliance Manager

Colorado has rightfully gained a reputation as one of the most socially progressive states as it was one of the first to adapt a regulated adult use marijuana marketplace. Now, Colorado is making news headlines again as it has adopted one of the nation’s strictest consumer privacy laws. The Colorado Consumer Protection Act (CCPA) is the result of a continued effort to protect residents’ personal data. Colorado’s law follows in theme with at least thirty-one other states that have heightened security surrounding consumers’ personal data and stands out as one of only twelve states that have imposed broader data security requirements.

Any company or public agency storing a Colorado resident’s personal data will now need a data-protection policy, an efficient breach notification system, and the capability to destroy the data when it is no longer needed. Whether you are a small company of one person or a Fortune 500 company, as long as you have customers in Colorado, you must comply with this new law. And whether or not your business is located in Colorado is irrelevant — what is key is whether you have customers located within the state.

For more details, take a look at the following article written by Kevin Kish, Privacy Technical Lead at Schellman & Company. In this article, Kevin highlights key takeaways from this law, as well as areas in which this law differentiates itself as one of the nation’s strictest data protection laws.

Read more “Data Privacy is in the Spotlight as Colorado Enacts Landmark Consumer Data Privacy Bill (PCDP)”