PCI Requirement 12.6 – Implement a Formal Security Awareness Program to Make All Personnel Aware of the CHD Data Security Policy and Procedures

by Randy Bartels / April 5, 2023

 Developing a Security Awareness Program PCI Requirement 12.6 requires that your organization implement a formal security awareness program to make all personnel aware of the cardholder data security policy and procedures. Without compliance with this requirement, how would your program even work properly? If personnel are not educated and aware of their security responsibilities, security safeguards and processes that you’ve worked hard to develop and implement may become ineffective…

PCI Requirement 12.5.5 – Monitor and Control All Access to Data

by Randy Bartels / April 5, 2023

 Someone to Monitor and Control All Access to Data PCI Requirement 12.5.5 states, “Monitor and control all access to data.” Really, this is the whole point of PCI compliance, isn’t it? Without someone formally responsible for monitoring and giving access to cardholder data, that data does not have the protection it needs. Throughout the PCI DSS, it talks about key management, data custodians, and giving access based on a…

GDPR Readiness: Consent, Privacy Policies, and Enforcement

by Sarah Harvey / July 12, 2023

Confusing Aspects of GDPR Are you unsure how to properly collect data subjects’ consent? Have you seen organizations giving data subjects’ different options for giving their consent? In this webinar, Mark Hinely covers the confusing regarding consent, the regulatory developments since the GDPR enforcement date, and significant litigation to note.  How is Consent Being Collected? Consent is considered the most confusing and misunderstood legal basis for processing personal data.…

The Dangers of Remote Cloud Audits

by Sarah Harvey / December 16, 2022

A major area of risk that we’ve recognized is remote cloud audits. We hear many organizations indicate that because they are a cloud-based organization, they do not want or need onsite assessments, but we want to help them avoid this attitude. Let’s be clear: it’s completely inaccurate to say that everything is in the cloud. Why? Let’s find out. Why You Need Onsite Assessments Human error is often the weakest…

When Will You See the Benefit of an Audit?

by Sarah Harvey / February 6, 2023

Are you considering going through an information security audit for the first time? Are you contemplating a requirement for all of your vendors to undergo information security audits? Are you looking for an auditing firm who can help your organization utilize the benefits of auditing? Do you need help explaining the value of information security audits to executive management? Are you trying to cultivate a culture of compliance within your…