How Does GDPR Impact the Marketing Industry?

by Sarah Harvey / February 6, 2023

GDPR Implications for Marketing What does GDPR mean for marketing? We’re worried that not enough business leaders and marketers have heard of GDPR or have prepared for this radical privacy law because of a common misconception that GDPR is for lawyers and information security teams. But GPDR is more than a data privacy law: GDPR is a mandate that affects how organizations market, collect, use, and store consumers’ personal data,…

Common Gaps in Vendor Compliance Management

by Sarah Harvey / June 13, 2023

Effective Vendor Risk Management An effective risk management strategy includes a strategic process for assessing and monitoring vendor compliance. Some vendors go to great lengths to secure their services and processes, but others may leave you with consequences to pay. Vendors need to prove what they are doing to reduce risk to you and your customers. You’re putting a great deal of control into the vendors' hands, so managing vendor…

What is GDPR Personal Data and Who is a GDPR Data Subject?

by Sarah Harvey / December 16, 2022

Two of the most frequent questions asked about GDPR, especially from non-EU-based organizations, are: What is GDPR personal data? Who is a GDPR data subject? If you’ve been asking these questions but can’t seem to find a clear answer, you are not alone. The answer to these questions can determine whether or not GDPR applies to your organization and to what extent it applies. Let's take a closer look at…

PCI Requirement 11.6 – Ensure Security Policies and Procedures for Security Monitoring and Testing are Documented, in Use, and Known to All Affected Parties

by Randy Bartels / December 16, 2022

 Implement Policies and Procedures PCI Requirement 11 states, “Regularly test security systems and processes.” Complying with PCI Requirement 11 is critical to ensuring that you’ve adequately secured your systems. For this requirement, we’ve discussed how to test your systems and processes, which includes vulnerability scanning, penetration testing, change-detection, and more. But, as we’ve learned, it’s not enough just to learn and talk about these things. All policies, procedures, and…

PCI Requirement 11.5.1 – Implement a Process to Respond to Any Alerts Generated by the Change-Detection Solution

by Randy Bartels / December 16, 2022

 Responding to Alerts PCI Requirement 11.5.1 works in tandem with PCI Requirement 11.5. When your change-detection mechanism gives you an alert, you must have a process in place to respond to that. PCI Requirement 11.5.1 states, “Implement a process to respond to any alerts generated by the change-detection solution.” During the assessment process, your staff will be interviewed to ensure that all alerts are investigated and resolved. Keeping in…