4 Min Read December 3, 2019

Lessons Learned From Lola: Demonstrating PCI Compliance in a Cloud-Native, Containerized Environment

Lola.com initially became PCI compliant about a year ago, and this fall completed a successful PCI audit. Recently Katie Paugh, Lola’s Senior DevOps Engineer, took part in a webinar with Threat Stack to discuss their experiences and share key lessons they’ve learned in how to adapt and implement PCI.

5 Min Read November 12, 2019

HIPAA Compliance Tips & Best Practices — Training Considerations

What kind of training does your organization need to support HIPAA compliance? A good way to start answering this question is to reference the Department of Health & Human Services (HHS)’s own words: “The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with […]

7 Min Read October 29, 2019

HIPAA Compliance Tips & Best Practices — Factors to Consider When Developing Effective Policies & Procedures

Our last post on HIPAA compliance — HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge — provided expert insights that are designed to help healthcare providers and business associates develop their foundational knowledge of HIPAA regulations and requirements. Today’s post offers insights into how an organization can achieve effective governance by translating […]

11 Min Read October 22, 2019

HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge

The last few years have seen a number of failures in the field of HIPAA compliance and fines that would put many smaller-scale practices out of business. While an increase in the use and sharing of electronic patient data accounts for many HIPAA compliance issues, the bottom line is that too many organizations are leaving […]

5 Min Read October 16, 2019

NYDFS Cybersecurity Regulation: Two Years Later, Let’s Check-In

Introduction — by Lindsey Ullian, Threat Stack Compliance Manager

Back in 2017, we brought our readers up to date on NYDFS Cybersecurity Regulation (23 NYCRR 500), a new set of regulations introduced by the New York Department of Financial Services (NYDFS). For many of us, other compliance frameworks such as the GDPR have held more […]

4 Min Read Updated September 17, 2019

4 Things You Need to Know About SOC 2 Compliance

Compliance isn’t as simple as a connect-the-dots exercise. When you consider how fast companies are moving to and expanding in the cloud, and then take into account the proliferation of cloud-based security threats, compliance can be a little dizzying. We’re here to break down the complexities of compliance requirements for you, starting with SOC 2. […]