Public Company Accounting Reform and Investor Protection Act

Compliance Journal


Top Stories

Can Developers Benefit from Regulatory Compliance?

Effectively, SMBs and government programs must address compounded regulatory compliance requirements. The most recent, Controlled Unclassified Information and the EU's GDPR, have board-level implications. Managing sensitive data protection will likely result in acquisition criteria, demonstration requests and new requirements. Developers, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by incorporating changes. In her session at 19th Cloud Expo, Maria C. Horton, Founder and CEO of EmeSec Incorporated, discussed how addressing the new liabilities of Sensitive Data Tracking for GDPR and CUI via code design can reap huge benefits for organizations and for developers that do just th... (more)

Compliance and Security | @CloudEXPO #Cybersecurity #GDPR #ArtificialIntelligence

Compliance and Security: The Real Drivers of Cloud, IoT, and AI Outsourcing and Performance. In 2018, the shifting emphasis to IoT, Artificial Intelligence (AI), virtual reality (VR) and automation seems to overshadow cloud; yet, I believe it is just the opposite. A recently published industry survey shows that by 2020, the use of public cloud will grow dramatically. Business goals related to actively adopting AI, IoT and machine learning strategies are prompting IT teams to consider outsourced cloud and cloud experts to move faster than competitors. The formats and pilots incorporating these technologies can be seen across multiple markets and segments including government, retail, and industrial bases. The use of AI, VR, and IoT is also driving the technology, compliance and cybersecurity markets necessary to support these innovations. For example, nowadays the... (more)

Are You Ready for #GDPR? | @CloudEXPO @CalligoCloud #Serverless #DataCenter #Compliance

Are You Ready for GDPR (The EU General Data Protection Regulation)? In his general session at 21st CloudEXPO, Greg Dumas, Calligo's Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help businesses stay compliant in a digitally globalized world. Speaker Bio: Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo's customers are typically most concerned about GDPR compliance, application performance guarantees & data privacy. Greg has over 25 years of experience as an international sales, marketing & operations executive. His background has focused primarily on virtualization and internet securit... (more)

Auto Compliance | @CloudExpo @CloudRaxak #Storage #BigData #DataCenter

Cloud computing delivers on-demand IT resources that provide businesses flexibility. The challenge is the cost and complexity of cloud security compliance (PCI, HIPAA, FFIEC). Raxak Protect automated cloud security enables cloud apps to be deployed quickly and cost-effectively. Get the guide to decreasing your security costs up to 50% through automated cloud security. How to Secure Cloud Applications through Automated Compliance Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of manag... (more)

Avoiding Compliance Risk with Better Access Management | @CloudExpo #Cloud #Security #Compliance

Avoiding Compliance Risk with Better Access Management Networks have become large, complex entities that are increasingly difficult to manage and control. Security, audit, risk and compliance professionals know that their organizations rely on them for effective risk management, control and governance processes that are essential to the safety of their network environment. Yet compliance and security are more challenging than ever before as additional layers are added to this environment. One of the challenges lies in the fact that there is an ongoing, huge access gap in network security and compliance - and it has been residing within the environment for more than 20 years. This tool, known as the Secure Shell (SSH) protocol, grants privileged access to all types of production environments. A Problem Gaining Attention The problem is propagated by a lack of awareness... (more)

The HIPAA Final Rule and Staying Compliant in the Cloud

The HIPAA Omnibus Final Rule went into effect on March 26, 2013. In order to stay compliant, the date for fulfilling the new rules is September 23, 2013, except that companies operating under existing “business associate agreements (BAA)” may be allowed an extension until September 23, 2014. As healthcare and patient data move to the cloud, HIPAA compliance issues follow. With many vendors, consultants, internal and external IT departments at work, the question of who is responsible for compliance comes up quite often. Not all organizations are equipped or experienced to meet the HIPAA compliance rules by themselves. Due to the nature of the data and the privacy rules of patients, it is important to secure the data correctly the first time. HIPAA and the Cloud: Do you have to build your own cloud HIPAA compliance solutions from scratch? The short answer is no. ... (more)

Compliance in the Cloud at Cloud Expo Silicon Valley

More and more enterprises consider Infrastructure as a Service (IaaS) part of their overall IT strategy, leading to questions around compliance and security. In his session at the 7th International Cloud Expo, Davi Ottenheimer will answer these questions, including: Where does data reside and how is it being protected? Has the service provider gone through specific compliance audit controls for their data center and infrastructure? What control over access is given to my environment? How is role-based access managed? And how are security and firewall policies managed? Speaker Bio: Davi Ottenheimer has more than 16 years of experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is an exp... (more)

Cloud Computing: SAP Launches Next-Generation of GRC Software

"As organizations grow, they must manage different types of risks and controls to be successful," said Paul Proctor, vice president and distinguished analyst, Gartner. "They also have to overcome the challenges of increasing audit and regulatory requirements in distributed environments. GRC management software can help companies succeed by automating traditionally manual processes to identify and manage risk so the organization can pursue new opportunities." SAP on Wednesday announced the availability of its newest release of governance, risk and compliance (GRC) software, providing a single, unified environment for the most comprehensive support for management, monitoring and analysis of enterprise risk and compliance activities. Nearly three years in the making, the new release integrates GRC capabilities into everyday business processes, helping make risk manage... (more)

Porticor Engages Open Source Communities, Joins Red Hat Innovate Program

Porticor announced it has joined the Red Hat Innovate program, and will now be able to access the openness and collaborative nature of open source communities and enjoy the benefits of Red Hat software. Porticor plans to offer a new end-to-end cloud data security based on Red Hat. By participating in the Red Hat Innovate initiative, one can align their start-up with Red Hat’s marketing and investing activities and continue enjoying the open source software they have already deployed. Partners can directly influence open source community adoption that supports their business. Porticor explained its new Porticor Virtual Private Data (VPD) combines state of the art data encryption with patented homomorphic split-key management to offer the most secure, cost-effective solution for the preservation of data in various cloud infrastructures, and maintain compliance to... (more)

Coalfire Launches Online Exchange for HIPAA Compliance and Risk Management

Coalfire has launched HIPAAcentral, a new compliance exchange that provides a comprehensive suite of services for covered entities and business associates and their subcontractors to manage, maintain and exchange healthcare regulatory compliance data. "The U.S. Department of Health and Human Services is now actively monitoring and enforcing the HIPAA Omnibus Rule, and too many healthcare firms aren't prepared," said Rick Dakin, CEO and co-founder of Coalfire. "HIPAAcentral is closing that gap by enabling subscribers to securely exchange and verify compliance status." HIPAAcentral simplifies compliance management by providing vendor risk management tools, training, templates, and third-party validation services, plus an online compliance registry and knowledge exchange. The service, which is available by subscription to both covered entities (CEs) and business ass... (more)

Software Testers Too Need a Black Box

Recording and maintaining good evidence of testing is growing more important all the time. The ability to document what actually happened during the development of hardware or software is vital in many industries. Medical equipment is a great example, as any failure could lead to unexpected complications or even death. In the event that this occurs, auditors must be able to review the original manufacturing process and track the usage and maintenance of the machine during its lifecycle. Evidence of testing importance can be neatly summed up by considering the difference between an eyewitness memory and a video of an event. Our expectations and our circumstances can exert a great deal of influence on our recollections. Testers frequently note down what they were expected to do, rather than what they actually did. Do you record and maintain complete evidence of your ... (more)