Since it was enacted in 1996 by the United States government, The Health Insurance Portability and Accountability Act has enforced strict penalties for organizations who fail to provide data privacy and provisions towards safeguarding medical information. More specifically, it demands that the Department of Human Services and Health in the U.S. (HHS) create regulations that protect both the security and privacy of health information.
The Federal Trade Commission (FTC) issued a policy enforcement statement on October 23rd, 2017 that provides new direction on the application of the Children's Online Privacy Protection Rule ("COPPA"). Specifically, they've updated the collection of audio voice recordings online. COPPA compliance applies to operators of online services that are either directed to children under 13 years of age or know they are collecting personal information from children under the age of 13.
Maintaining compliance on every facet of your organization isn't easy. It's especially hard for smaller organizations and start-ups who simply don't have enough revenue to be able to afford a compliance officer. However, the costs of being out of compliance can be far greater and bring more lasting consequences for companies. Below we've outlined some of the biggest costs associated with non-compliance.
Your organization has until December 31, 2017 to implement NIST SP 800-171 if you have contracts with the United States Department of Defense (DoD) or are a subcontractor to a prime contractor with DoD contracts. This requirement is stipulated in the Defense Federal Acquisition Regulation Supplement (DFARS).
Compliance training should be viewed within your organization as one of the most important facets of your company both in terms of legal responsibility as well as operational efficiency. But all too often, compliance training is an afterthought. In today's compliance environment it seems as though there are new regulations penned by the government on a daily basis. Yet too many organizations still cling to their simple read-and-agree policy format for their compliance training. This form of training exposes your organization to threats that could lead to massive government audits.
When dealing with the cyber security of your organization you have to evaluate your legal environment. Are there regulations put into place that can help regulate and maintain a safe and secure work environment? Is there a set policy framework for computer security guidance that will help me assess our cyber security readiness?
If you've been paying attention to our recent posts then you most likely know that we're holding a special webinar event on August, 23rd at 2:00 pm EST. The best part? If you stay for the entirety of the webinar you'll have a chance to win a free 90-day trial of our comprehensive compliance solution, K2 Compliance.
Regardless of the type of business, you are working within it's extremely likely that you utilize the internet in some way. Although one of the best resources in our lifetime, the internet can pose a huge threat to your organization. As a means to combat that threat, it's important that you take and implement certain precautions towards a safe and secure environment. We've taken the time to list 7 steps towards a better cyber security environment.
We live in a world of constant connection. You wake up in the morning and check your phone, link your phone to your car's Bluetooth adapter on your way to work, purchase coffee at your favorite cafe, and connect to the internet in order to do your job's daily responsibilities. From when you woke up to when you got to work you've already used four different device connections without even realizing it. What happens if these connections are forcefully disrupted?
If you are a small business owner, you've probably realized how complex the regulatory environment is. In fact, the Code of Federal Regulations has grown to more than 175,000 pages. Of all of the federal regulations out there, which ones are the most burdensome on small businesses? Below we've listed the five most vexing regulations for small businesses.
Paul McNulty and Stephen Martin of the Baker and McKenzie law firm developed what they call the "Five Essential Elements of a Corporate Compliance Program" that are based upon the best practices set out in the seven elements of corporate compliance. Below we've listed their five elements and why each of them are essential to any corporate compliance program.
Organizations who are not utilizing some form of compliance software or automation technology are more likely to face challenges, audits, and potentially bankruptcy. NAVEX Global surveyed over 1,000 different compliance employees across six different industries. The survey data highlights strategies and challenges with policy management programs and one of the biggest takeaways from the survey were the blatant differences in efficiency between the companies who utilize automated compliance software and those who do not.
Protiviti consulting surveyed 468 chief audit executives and internal audit and finance leaders in an effort to gain insight on how much SOX compliance costs them. The results were interesting, companies spend anywhere from $657,383 to $1,292,000 per year which, believe it or not, is down from last year.
Making sure that your organization is compliant with the many rules and regulations placed on your industry is becoming increasingly important. As more companies begin to understand the importance of compliance, it has started to have a bigger presence in the boardroom. More and more frequently we are starting to see Chief Compliance and Ethics Officers be included in senior-level discussions about corporate strategy.
If you are an IT professional, you're probably one of the busiest employees within your organization. As if you didn't already have enough on your plate, you also have to ensure that your organization is in compliance with some of the biggest regulatory laws (PCI, Sarbanes-Oxley, HIPAA, NIST) in order to keep sensitive material safe. Failure to meet rules and guidelines put into place by compliance standards could lead to a loss of trust, fires, and audits.
The Federal Drug Administration is a federal agency under the United States government that is responsible for protecting and promoting public health through their control and supervision of food safety. As you can imagine, this supervision requires them to put into place many strict regulations that force food, drug, and cosmetic organizations to ensure that what they are offering to customers is safe.