Companies can easily underestimate the investment required to meet compliance. Treating compliance as a one-and-done activity that you can get through with minimal spend only sets you up for unpleasant surprises later on. Compliance can be a long, drawn-out process involving everyone from HR and finance to security and leadership. So it’s important to look at all the costs up front in order to set aside a realistic budget.
A good way to approach compliance is to treat it like a new product launch. You’ll need a dedicated project team, new technology, a reasonable budget, and more to get it off the ground.
Read more “Budgeting for a Compliance Audit: A Practical Framework”
The Threat Stack Compliance Playbook for Cloud Infrastructure is now available!
The Compliance Playbook is intended for readers who want to understand what’s involved in becoming compliant in a cloud environment — without getting caught up in the details and complexity that the compliance process is well known for.
Read more “The Compliance Playbook: How to Build PCI & HIPAA Compliant Businesses in the Cloud”
Amazon Web Services (AWS) pioneered the Shared Responsibility Model in the cloud. In short, this model spells out how cloud service providers and the consumers of their services divide responsibility for security. AWS and other cloud service providers (CSPs) are responsible for the security of the cloud itself: the physical facilities, hardware, and the virtualization and managed-service layers they operate. Companies using those services are responsible for security in the cloud: their data, identities and access, network configuration, applications, and, for infrastructure services such as EC2, the guest operating systems they run. The exact dividing line shifts with the service model: the more managed the service, the more of the stack the provider takes on, but the customer’s data and access controls are never the provider’s job.
Read more “The Impact of the Cloud’s Shared Responsibility Model on Compliance”
We’ve been talking a lot about compliance lately. That’s because, as more businesses move to the cloud and store internal and customer data there, the means of achieving compliance change significantly. It isn’t the approach to compliance that changes in the cloud, it’s the tooling, as we explained in our post How Does Compliance Differ In The Cloud Versus On-Premise? So as more businesses move to the cloud or operate hybrid environments, we want to help them understand what they need to do and, for the purpose of this post, when they need to do it.
Read more “Why You Need to be Compliant Much Sooner Than You Think”
The HHS Office for Civil Rights (OCR) has been alluding to a large-scale HIPAA audit program for quite some time now, and it looks like that threat will soon come to pass.
Read more “Can You Afford NOT To Be HIPAA Compliant?”
Compliance would be challenging even if it were a black-and-white issue. The reality is that compliance frameworks such as PCI DSS and HIPAA are really just a string of requirements open to interpretation. What satisfies a given requirement can vary, sometimes quite a bit, from auditor to auditor or from company to company. Today, even the auditors are getting audited in an effort to make the application of these requirements as uniform as possible.
Read more “How to Reconcile Different Definitions of PCI DSS and HIPAA Compliance”
With 253 healthcare breaches in 2015 for a total of 112 million lost records, HIPAA compliance has never been more relevant. Meanwhile, 80 percent of businesses fail their PCI compliance assessments.
As a business, whether you’re storing patient records or processing customer credit card data, chances are the government or your customers (or, many times, both) require you to meet some sort of compliance standards. And it ain’t easy.
Read more “How Does Compliance Differ In The Cloud Versus On-Premise?”
Twine Health is a SaaS-based healthcare platform that connects patients and providers to enable collaborative care. We do business with entities as small as solo practitioners up to some of the largest healthcare organizations, which means we need to meet a wide range of security and compliance requirements in order to serve our customers.
Read more “How Twine Health Ensures Complete PHI Security and Privacy: Going Beyond HIPAA Checkboxes”
Often companies think of compliance as an annoying imposition — something to grin and bear. And while achieving compliance is not always a cakewalk, the upside of doing so can be huge. Whether you are interested in starting a company, entering a new market, or winning new customers, achieving compliance can be a major business driver. Here’s why it’s beneficial to your bottom line to think about compliance in this way.
Read more “How Compliance in the Cloud Can Strengthen Your Business”
PCI DSS. HIPAA. SOC 2. SOX 404. Compliance can be a complicated and confusing beast, with plenty of acronyms and layers of regulations — not to mention expenses and stress. But achieving compliance in the cloud can also be the key to unlocking new sources of revenue, winning business, and achieving success in today’s competitive business environment.
Read more “Announcing Threat Stack’s Compliance Blog Post Series”