All organizations need well-managed policies and procedures. Your policies and procedures are the first line of defense against risk, and they help your organization run smoothly. Is your policy management process effective? Is it up-to-date? Now is a good time to review your policy management process. We've created a three-part webinar series to help you.
Protecting ePHI or electronic Protected Health Information should be a top priority for your organization or you'll soon face huge fines from government entities. Recently, 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 million to the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) and adopt a comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.
To define malware, it is malicious software coded with the intent of causing harm to a user, system, or a network. Although malware is nothing new, the rate at which it continues to evolve into new invisible forms of threats should raise the alarm for many businesses. It's important that your organization's staff understands the threat that malware poses and the difference between each form of malware.
Since it was enacted in 1996 by the United States government, The Health Insurance Portability and Accountability Act has enforced strict penalties for organizations who fail to provide data privacy and provisions towards safeguarding medical information. More specifically, it demands that the Department of Human Services and Health in the U.S. (HHS) create regulations that protect both the security and privacy of health information.
The Federal Trade Commission (FTC) issued a policy enforcement statement on October 23rd, 2017 that provides new direction on the application of the Children's Online Privacy Protection Rule ("COPPA"). Specifically, they've updated the collection of audio voice recordings online. COPPA compliance applies to operators of online services that are either directed to children under 13 years of age or know they are collecting personal information from children under the age of 13.
Maintaining compliance on every facet of your organization isn't easy. It's especially hard for smaller organizations and start-ups who simply don't have enough revenue to be able to afford a compliance officer. However, the costs of being out of compliance can be far greater and bring more lasting consequences for companies. Below we've outlined some of the biggest costs associated with non-compliance.
Your organization has until December 31, 2017 to implement NIST SP 800-171 if you have contracts with the United States Department of Defense (DoD) or are a subcontractor to a prime contractor with DoD contracts. This requirement is stipulated in the Defense Federal Acquisition Regulation Supplement (DFARS).
Compliance training should be viewed within your organization as one of the most important facets of your company both in terms of legal responsibility as well as operational efficiency. But all too often, compliance training is an afterthought. In today's compliance environment it seems as though there are new regulations penned by the government on a daily basis. Yet too many organizations still cling to their simple read-and-agree policy format for their compliance training. This form of training exposes your organization to threats that could lead to massive government audits.
When dealing with the cyber security of your organization you have to evaluate your legal environment. Are there regulations put into place that can help regulate and maintain a safe and secure work environment? Is there a set policy framework for computer security guidance that will help me assess our cyber security readiness?
If you've been paying attention to our recent posts then you most likely know that we're holding a special webinar event on August, 23rd at 2:00 pm EST. The best part? If you stay for the entirety of the webinar you'll have a chance to win a free 90-day trial of our comprehensive compliance solution, K2 Compliance.
Regardless of the type of business, you are working within it's extremely likely that you utilize the internet in some way. Although one of the best resources in our lifetime, the internet can pose a huge threat to your organization. As a means to combat that threat, it's important that you take and implement certain precautions towards a safe and secure environment. We've taken the time to list 7 steps towards a better cyber security environment.
We live in a world of constant connection. You wake up in the morning and check your phone, link your phone to your car's Bluetooth adapter on your way to work, purchase coffee at your favorite cafe, and connect to the internet in order to do your job's daily responsibilities. From when you woke up to when you got to work you've already used four different device connections without even realizing it. What happens if these connections are forcefully disrupted?
If you are a small business owner, you've probably realized how complex the regulatory environment is. In fact, the Code of Federal Regulations has grown to more than 175,000 pages. Of all of the federal regulations out there, which ones are the most burdensome on small businesses? Below we've listed the five most vexing regulations for small businesses.
Paul McNulty and Stephen Martin of the Baker and McKenzie law firm developed what they call the "Five Essential Elements of a Corporate Compliance Program" that are based upon the best practices set out in the seven elements of corporate compliance. Below we've listed their five elements and why each of them are essential to any corporate compliance program.
Organizations who are not utilizing some form of compliance software or automation technology are more likely to face challenges, audits, and potentially bankruptcy. NAVEX Global surveyed over 1,000 different compliance employees across six different industries. The survey data highlights strategies and challenges with policy management programs and one of the biggest takeaways from the survey were the blatant differences in efficiency between the companies who utilize automated compliance software and those who do not.
Protiviti consulting surveyed 468 chief audit executives and internal audit and finance leaders in an effort to gain insight on how much SOX compliance costs them. The results were interesting, companies spend anywhere from $657,383 to $1,292,000 per year which, believe it or not, is down from last year.