PCI Requirement 12.5.5 – Monitor and Control All Access to Data

by Randy Bartels / April 5, 2023

 Someone to Monitor and Control All Access to Data PCI Requirement 12.5.5 states, “Monitor and control all access to data.” Really, this is the whole point of PCI compliance, isn’t it? Without someone formally responsible for monitoring and giving access to cardholder data, that data does not have the protection it needs. Throughout the PCI DSS, it talks about key management, data custodians, and giving access based on a…

GDPR Readiness: Consent, Privacy Policies, and Enforcement

by Sarah Harvey / July 12, 2023

Confusing Aspects of GDPR Are you unsure how to properly collect data subjects’ consent? Have you seen organizations giving data subjects’ different options for giving their consent? In this webinar, Mark Hinely covers the confusing regarding consent, the regulatory developments since the GDPR enforcement date, and significant litigation to note.  How is Consent Being Collected? Consent is considered the most confusing and misunderstood legal basis for processing personal data.…

The Dangers of Remote Cloud Audits

by Sarah Harvey / December 16, 2022

A major area of risk that we’ve recognized is remote cloud audits. We hear many organizations indicate that because they are a cloud-based organization, they do not want or need onsite assessments, but we want to help them avoid this attitude. Let’s be clear: it’s completely inaccurate to say that everything is in the cloud. Why? Let’s find out. Why You Need Onsite Assessments Human error is often the weakest…

When Will You See the Benefit of an Audit?

by Sarah Harvey / February 6, 2023

Are you considering going through an information security audit for the first time? Are you contemplating a requirement for all of your vendors to undergo information security audits? Are you looking for an auditing firm who can help your organization utilize the benefits of auditing? Do you need help explaining the value of information security audits to executive management? Are you trying to cultivate a culture of compliance within your…

How Does GDPR Impact the Marketing Industry?

by Sarah Harvey / February 6, 2023

GDPR Implications for Marketing What does GDPR mean for marketing? We’re worried that not enough business leaders and marketers have heard of GDPR or have prepared for this radical privacy law because of a common misconception that GDPR is for lawyers and information security teams. But GPDR is more than a data privacy law: GDPR is a mandate that affects how organizations market, collect, use, and store consumers’ personal data,…