News & Analysis as of

Risk Assessment Incident Response Plans Compliance

Mitratech Holdings, Inc

6 Overlooked Strategies That Strengthen ISO 22301 Compliance

When disruption strikes—be it a cyberattack, supply chain failure, or extreme weather—your systems and team’s ability to respond with speed, clarity, and confidence are tested....more

Mitratech Holdings, Inc

IT/DR Plan Spring Cleaning: How to Replace Outdated Policies

Ready to ditch outdated guidelines and adopt a fresh take on your IT Disaster Recovery plans? Spring is the season of renewal, making it the perfect time to refresh not only physical spaces but also strategies and...more

Constangy, Brooks, Smith & Prophete, LLP

Who needs a WISP, and why?

A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more

BakerHostetler

A New Budgetary Line Item for 2025 - New York-based Hospitals Should Plan Now for the Fiscal and Operational Costs Associated with...

BakerHostetler on

On October 2, the New York State Department of Health (NYSDOH) issued new cybersecurity regulations (Regulations) for all general hospitals in New York state (“hospitals”), creating a new Section 405.46 in Title 10 (Health)...more

Goodwin

NYDFS Publishes Guidance on AI-Related Cybersecurity Risks

Goodwin on

On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more

Arnall Golden Gregory LLP

Preparing for the Digital Operational Resilience Act (“DORA”): Key Steps for Payments and Fintech Clients

The Digital Operational Resilience Act (“DORA”), an EU regulation designed to bolster the resilience of financial entities against Information and Communications Technology (“ICT”) risks, entered into force on January 16,...more

Ankura

Navigating the Fallout: Essential Insights for Healthcare Companies in Light of the Change Healthcare Cyber Breach

Ankura on

The cyber breach at Change Healthcare in 2024 stands out as one of the most significant cyber-attacks in recent memory. Its repercussions extend far beyond immediate industry disruptions, resonating deeply in regulatory...more

Burr & Forman

What To Do Before Adopting Generative AI in Your Business

Burr & Forman on

Your business may want to jump on the Generative AI (GAI) bandwagon and discover how your company may become more productive, competitive, reduce costs, and make the most of new technology. There are many intriguing and...more

Davis Wright Tremaine LLP

California Legislature Sends Bills Regulating AI to the Governor

Last week, the California Legislature passed several bills that, if signed by the governor, will regulate how organizations develop, train, and use artificial intelligence (AI) models, systems, and applications. Of these...more

Thomas Fox - Compliance Evangelist

Internal Control Lessons from Star Trek: The Doomsday Machine

Last month, I wrote a blog post on the tone at the top, exemplified in the Star Trek, the Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a...more

Eversheds Sutherland (US) LLP

New York Raises the Bar Again: Revised Cybersecurity Requirements for Financial Services Companies Finalized

On November 1, 2023, the New York Department of Financial Services (NY DFS) published its highly anticipated final amendments to its influential cybersecurity requirements for financial services companies (Part 500)....more

HaystackID

Cybersecurity Experts Urge Responsible AI Adoption, Not Overreliance

HaystackID on

Editor’s Note: This article covers valuable insights on artificial intelligence’s (AI) evolving role in cybersecurity and incident response shared during an expert panel discussion. As cybersecurity, information governance,...more

Health Care Compliance Association (HCCA)

Privacy Briefs: October 2023

Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more

Epiq

Move it or Lose it – With Cyber Breach Response, Time is of the Essence

Epiq on

There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a...more

J.S. Held

Water Cybersecurity? EPA Mandates Regulations to Prevent Cyberattacks on Public Water Systems

J.S. Held on

EPA Aims to Mitigate Risk of Cyberattack on Public Water Systems On March 3, 2023, the U.S. Environmental Protection Agency (EPA) issued its Memorandum Addressing Public Water System (PWS) Cybersecurity in Sanitary Surveys or...more

StoneTurn

5 Tips For Meeting DOJ’s New CCO Certification Requirements

StoneTurn on

The DOJ has signaled that CEO and CCO certifications will become a staple of all corporate settlement agreements. Critics worry CEOs and CCOs face undue personal liability and argue it will dissuade CCOs from accepting the...more

NAVEX

The Complicated Tango of Compliance & Cybersecurity

NAVEX on

A ransomware attack is no company’s idea of a good time, but I do sense one positive development emerging from the epidemic of attacks we’ve witnessed this year: Boards and senior management agree that they must move beyond a...more

Oberheiden P.C.

5 Keys to Performing A GLBA Audit

Oberheiden P.C. on

Purpose and Background of the GLBA - The Gramm-Leach-Bliley Act (“GLBA”), also known as the Financial Services Modernization Act of 1999, is a federal statute enacted by Congress in 1999 that requires financial...more

Society of Corporate Compliance and Ethics...

The coronavirus provides an opportunity to hone crisis response plans for the next big challenge

Report on Supply Chain Compliance 3, no. 4 (February 20, 2020) - The coronavirus that has, at the time of writing, infected more than 40,000 people around the world and killed more than 1,000, is also ravaging...more

Health Care Compliance Association (HCCA)

[Event] Regional Compliance & Ethics Conference - February 27th - 28th, Anchorage, AK

Our Regional Compliance Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational opportunities for...more

The Volkov Law Group

Living in the Cloud: Practical Approaches to Cybersecurity Risks (Part III of III)

The Volkov Law Group on

Businesses are increasingly relying on the cloud to store confidential and sensitive information.  One-third of information technology budgets are used for cloud services.  Rapid growth in cloud storage is expected over the...more

The Volkov Law Group

Managing Third-Party Vendor Cybersecurity Risks (Part II of III)

The Volkov Law Group on

We all know that businesses rely on a large number of third-party vendors to support their business operations.  Many of these third parties require access to a company’s data and its internal information and technology...more

NAVEX

Turning Passive Detection into Active Incident Management

NAVEX on

Effective incident management programs do not just exist, they are celebrated. The best programs achieve this by operationalizing their incident management programs into their organization’s DNA. This turns passive reporting...more

Baker Donelson

OIG Work Plan – September 2017 Update

Baker Donelson on

Beginning in June 2017, the OIG began making monthly Work Plan updates. These monthly updates create some practical challenges for health care providers and compliance professionals trying to make operational and compliance...more

NAVEX

The Chemistry of Compliance: Finding the Perfect Blend of Incident Reporting, Training and Case Management

NAVEX on

Just about any compliance officer knows that reporting, training, and case management are three indispensable elements of an effective compliance program....more

31 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide