Compliance Management
Compliance Frameworks
PCI Compliance
The PCI standard, created by the Payment Card Industry Security Standards Council (PCI SSC), entails 12 requirements merchants must fulfill in order to process and store cardholder data safely. To remain compliant, merchants must build and maintain secure networks, protect cardholder data using vulnerability management programs, implement strong access control measures, regularly test networks and maintain an information security policy.
HIPAA Compliance
HIPAA compliance refers to a set of security guidelines established by the Health Insurance Portability and Accountability Act of 1996 for protecting patient health data privacy. Organizations that handle sensitive patient information, such as hospitals or insurers, must keep it protected from unwarranted access by adopting policies and procedures designed to ensure it is shared safely, and must provide regular training on HIPAA regulations within the organization.
GDPR Compliance
In May 2018 the European Union introduced regulations which safeguard individuals' personal information by setting specific guidelines on how companies collect and use it. These rules apply even if a company or organization is located outside the EU yet still processes personal data within it, which means any business hosting websites or storing customer data may need to comply with GDPR at some point in the future. To comply with GDPR, businesses must devise a comprehensive privacy policy detailing what types of data they collect, how they store, use and share it, and who is accountable for overseeing these practices. They must also update consent forms so that customers' explicit permission is obtained before any personal information is collected from them.
SOC 2 Compliance
SOC 2, developed by the AICPA (American Institute of Certified Public Accountants), ensures cloud service providers can effectively protect customers' confidential data stored on their systems from being misused or disclosed without authorization, covering areas such as availability, integrity, confidentiality, privacy, and process integrity and reliability. To achieve Service Organization Control (SOC) 2 compliance, organizations should implement appropriate technical and organizational measures, put appropriate policies and procedures in place, and adhere to industry standards, so as to prevent unauthorized access to, misuse of, or disclosure of any user data.