All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.
The Federal Trade Commission announced yesterday that it is seeking public comment on proposed changes to the Children's Online Privacy Protection Act (COPPA) rule, which would strengthen the law's ability to protect children under the age of 13.
The new AWS GovCloud Region offers the same high level of security as other AWS Regions and supports existing AWS security controls, certifications and compliance programs such as FISMA, SAS 70 Type II, ISO 27001, FIPS 140-2 validated endpoints, and PCI DSS Level 1.
Most importantly, the new law (PDF available here, courtesy of the Information Law Group) states that notification must be direct. Yes, it can be electronic, but it must provide a way for the notified party to follow up with questions, and give that person a point of contact who represents the company. The company contact must be reachable by a toll-free telephone number, not just e-mail.
One of the ways our customers can be assured their data is protected is through third-party audits and certifications. Since 2008, Google Apps has successfully undergone annual SAS 70 Type II audits. This year the SAS 70 Type II audit has evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. We're happy to announce that Google is one of the first major cloud providers to be certified for compliance to these new audit standards.
The cost of achieving regulatory security compliance is on average $3.5 million each year, according to a survey of 160 individuals leading the IT, privacy and audit efforts at 46 multinational organizations.
On Tuesday, December 7, the House by voice vote joined the Senate in passage of S.3987, the Red Flag Program Clarification Act of 2010. On November 30, 2010, the Senate passed this legislation by unanimous consent. The bill has been cleared to the White House for signature.
One out of every two IT security professionals spends 50% of the work week on regulatory compliance initiatives, according to a new survey.
Long live SSAE 16 and ISAE 3402!
One of the most misunderstood things about SAS 70 was the fact that it was technically only a valid auditing standard in the United States, even though SAS 70 reports are done for non-US based service providers and are relied upon by businesses and auditors worldwide. However, for reporting periods ending on or after June 15, 2011, that will change. From that date, Statement on Standards for Attestation Engagements (SSAE) 16 and International Standard on Assurance Engagements (ISAE) 3402 will replace the venerable SAS 70. SSAE 16 is issued by the American Institute of Certified Public Accountants (AICPA) and ISAE 3402 is issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC). One caveat for anyone relying on these reports: like SAS 70, SSAE 16 and ISAE 3402 are attestation standards for controls relevant to user entities' financial reporting, not security certifications, so a report is only as useful as the control objectives the service organization chose to include and the period it covers.
The National Institute of Standards and Technology has completed its first major reorganization in 20 years. It has reduced the number of laboratories, realigned the remaining ones along mission-based lines and created a more hierarchical leadership structure.
The reorganization, which became effective Oct. 1, replaces the single deputy director under NIST Director Patrick Gallagher with three career associate directors and reduces the number of laboratories from 10 to six. The Information Technology Lab, which includes the Computer Security Division, is one of the six. The realignment does not change the focus of NIST programs or the underlying missions, said IT Lab Director Cita Furlani.