Posts Tagged ‘compliance’

As we continue our series of posts on making HIPAA work for you, I am going to address a common problem we hear from health care marketers: “My board/boss/CMO/Legal Counsel says we cannot use patient data for marketing communications.” This is a tough one. Truly, your board of directors and your legal counsel are going […]

DevOps teams routinely deal with the most sensitive needs of an organization: security, governance, and compliance. However, not every organization is on the same page when it comes to DevOps, which can leave developers feeling overwhelmed and overworked. Sonatype recently released findings from its seventh annual DevOps Community Survey that examines the differences between mature […]

Secure software practices are at the heart of all system development; doubly so for highly regulated industries such as health-care providers.  Multiple regulatory controls are required for the custodianship of patient and customer data, creation of secure software systems, governance of development environments, and ensuring proper management of audit information. As a best-practice it is […]

In my previous post, DevSecOps and Release Coordination, I introduced the idea of four key players in the DevSecOps mediated release management process. The idea is to consolidate the validation and approval steps from a “gated” process, and shift the actual work of validation earlier in development. In this post, we will explore the role […]

In my previous post on Cloud Resources – Policy and Practice, I referenced the “shared security model” adopted by all cloud providers. In this post, we will dive deeper into the differences and consequences of sharing the responsibility for securing computing resources, applications, data, and networks. Whether your organization is extending into cloud-based resources or […]

Whether your company has 10 people or 10,000 people, security measures need to be in place to ensure a safe, secure, and compliant environment for your end users. Many companies will often be required to adhere to certain security regulations and compliance standards but rest assured Microsoft has your back.  Microsoft understands this need for […]

Compliance with the CCPA requires robust processes for identifying, governing, distributing, and securing consumer personal information. The first steps are to document the current usage of this information: Data inventory: Generate lists of personal data related to clients, investors, employees, counter parties, prospects and other entities. Data recipients: Compile a list of entities, such as […]

On 25th May 2018, everybody woke up to find their inbox “spammed” with mails from companies about redefining their data privacy policies containing the term GDPR. Every site that one logged into had a pop up, “We have updated our Data Privacy Policy”. So, what is this all about? Small Word, Big Impact It is […]

Compliance with the CCPA will be challenging because it represents major changes in how financial institutions conduct their business. DATA DISPERSION Consumer personal data is often scattered across multiple internal platforms and shared with many third parties. Firms may not have a full picture of where this information is stored and how it is controlled. […]

This is the final post in our series on maintaining regulatory-compliant IT systems in the cloud. In this post, we’ll go over the key takeaways from the series and then we’ll send you on your way! Regardless of how much control you have over your IT systems, if you are using them for regulatory purposes, […]

As we’ve learned in the previous posts in this series, having a thoughtful, thorough cloud vendor qualification process and intelligent SLAs in your cloud vendor contracts will help you maximize the value of the cloud while maintaining regulatory compliance. In addition, here are some tips and best practices to help you knock it out of […]

In my previous post in this series, we discussed how to qualify cloud vendors. Once that process is complete, the second step to maintaining compliance is to document your specific regulatory requirements in a contract with the cloud vendor, usually in the form of service-level agreements (SLAs). In this blog post, I include a range […]