Given the international reputation of ISO standards, ISO 14001 certification represents a great option for organizations seeking to prove their commitment to sustainability. To achieve certification of your environmental management system (EMS), however, you must meet the framework’s holistic requirements regarding environmental issues.

While the rapid pace at which artificial intelligence (AI) technology has been both developing and impacting several areas of our daily lives continues, so do the concerns about the tech’s safety, privacy, and bias. As there’s no stopping the ongoing integration of AI, organizations are now wondering what they can do to ease those concerns, and the answer is simple—start with protecting your data.

Back in 2018, the French government introduced—by way of its Public Health Code (Article L.1111-8)— HDS certification, mandating that all entities hosting personal health data must successfully achieve certification. Now, in 2024, they’ve published a new HDS framework with changes, expositions, and removals of language that organizations affected will need to know in order to comply.

Now that the deadline for the CISA Secure Software Development form is quickly approaching, organizations are working to ensure they get their attestation in order—that includes FedRAMP Cloud Service Providers (CSPs).

Perhaps believing they’re simply too small for the government to consider, some smaller healthcare providers will choose to either fly under the radar or hope that regulators of the Health Insurance Portability and Accountability Act (HIPAA) won’t notice their lack of correct processes and controls. However, this likely won’t work—in fact, over 55% of HIPAA fines in 2022 were levied against small practices.

If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin.

One of many different kinds of cyber attack, phishing involves a message—sent by email or otherwise—where a malicious actor purports to be reputable in some way to convince individuals to reveal personal information that the criminal can then exploit for gain.

With the deadlines for the newly incorporated Cybersecurity Infrastructure and Security Agency (CISA) Secure Software Development Attestation Form looming, organizations supplying government-used software must get their ducks in a row to ensure compliance with these requirements.