Tag Archives: compliance

Agency to deliver shared governance, risk compliance service

CenITex, the Victorian Government’s shared services IT agency, will adopt a new IT governance, risk and compliance (ITGRC) package to improve its information security function.

via Agency to deliver shared governance, risk compliance service.

Google Apps and Google App Engine complete SSAE-16 audit

One of the ways our customers can be assured their data is protected is through third-party audits and certifications. Since 2008, Google Apps has successfully undergone annual SAS 70 Type II audits. This year the SAS 70 Type II audit has evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. We’re happy to announce that Google is one of the first major cloud providers to be certified for compliance to these new audit standards.

via Official Google Enterprise Blog: Security First: Google Apps and Google App Engine complete SSAE-16 audit.

AHA urges changes to proposed rule for PHI disclosures

The Department of Health and Human Services should not require hospitals and other entities covered by the Health Insurance Portability and Accountability Act to provide to individuals on request a report detailing all internal disclosures of their personal health information from electronic designated record sets, the AHA told the department in a letter today. AHA said the proposal, included in a proposed rule modifying the HIPAA privacy rule under the HITECH Act, fails to meet the law’s requirement to “appropriately balance the relevant privacy interests of individuals with the substantial burdens on covered entities, including hospitals.” The association urged HHS to withdraw the proposal and “reissue a request for information aimed at better reflecting the statutory requirements, the technological realities, and better alignment of the regulation’s effectiveness with the compliance burdens.” While generally endorsing the rule’s proposed accounting of disclosures revisions, AHA urged additional changes to ensure a proper balance of the value of the information to patients with the burdens to covered entities of producing it. AHA also urged HHS to retract the rule’s preamble commentary about the HIPAA security rule in order to reflect longstanding department guidance.

via AHA urges changes to proposed rule for PHI disclosures.

Free tool to find Credit Card numbers for #PCI Compliance

ControlCase Data Discovery enables large and small businesses and organizations to find credit and debit card information that could be stored in their systems in violation of the Payment Card Industry (PCI) Data Security Standard (DSS). Finding credit card data is one of the key and initial steps needed for compliance.

via ControlCase Data Discovery » Downloads.

Small merchants make up lion’s share of credit card breaches

Smaller merchants tend to rely on their acquirer or independent sales organization (ISO) to initiate PCI DSS compliance validation. Without directive or enforcement of such initiatives, many will forgo basic steps to protect their networks and their customers’ cardholder data because they feel they do not have the time or the proper resources, or they’re just not aware of the requirement, the survey found.

via Infosecurity (USA) – Small merchants make up lion’s share of credit card breaches.

HHS Puts Industry On Notice: OCR Is Serious About HIPAA Enforcement

HHS has now sent a clear message to entities bound by HIPAA – HIPAA must be taken seriously. Indeed, in the HHS press release related to the Mass General incident, OCR Director Georgina Verdugo indicated that entities bound by HIPAA must ensure they have an effective compliance plan in place in order to avoid enforcement penalties. Specifically, Verdugo stated, “[w]e hope the health care industry will take a close look at this [Mass General Resolution] agreement and recognize that OCR is serious about HIPAA enforcement.”

via United States, Pharmaceutical, Healthcare & Life Sciences, HHS Puts Industry On Notice: OCR Is Serious About HIPAA Enforcement – McGuireWoods LLP – 03/03/2011, Healthcare.

#PCI Compliance Concerns Driving Adoption of Encryption

According to a survey recently unveiled by the Ponemon Institute, a new factor is driving adoption of encryption technologies by merchants. For the first time in the six years of the U.S. Enterprise Encryption Trends survey, more businesses emphasized the meeting of PCI DSS requirements as a factor for adopting encryption technology. Previously the primary motivation to adopt data security technologies was to protect against security breaches.

via PCI Compliance Concerns Driving Adoption of Encryption.

New #PCI Compliance Stats Show Little Change

The latest PCI compliance reports (data current as of Dec. 31, 2010) show little change for Level 1 and Level 2 merchants, with each group holding at 96 percent. Level 1 had been at 96 percent for months, but the number of retailers in that group jumped from 358 to 377 (since the prior report in June 30, 2010). Level 2 had been at 95 percent, so the 96 percent figure reflects a slight increase. The number of merchants in Level 2, however, dropped from 894 to 881. So if even a few of those 13 retailers had been non-compliant, that could explain the bump up to 96 percent.

via StorefrontBacktalk » Blog Archive » New PCI Compliance Stats Show Little Change.