In January 2024, the AI Governance Alliance—an arm of the World Economic Forum (WEF)— released a series of three papers covering several important artificial intelligence (AI) topics:

m;These days, to survive amidst the fierce competition of online commerce, merchants must prove they can safeguard sensitive cardholder data, and that means attaining and maintaining PCI compliance. And while the Self-Assessment Questionnaire (SAQ) A is often considered one of the more appealing routes to achieving that compliance, PCI DSS v4.0 has added new requirements to the SAQ A regarding Approved Scanning Vendor (ASV) scans.

On February 23, 2024, ISO (along with the International Accreditation Federation (IAF)) published short amendments to all standards aligned with its Harmonized Structure. In the form of new requirement language and one additional note, ISO has now adapted climate change concerns as considerations for a wide range of popular certifications.

Amidst the evolving patchwork of data protection and privacy legislation in the United States, privacy remains a top priority for organizations. But protecting privacy also requires resources, and while not all organizations have that much to spare, it is possible to make do with only a small, dedicated team.

Trying to keep up with the rapidly emerging and evolving governance of AI? Struggling to figure out how to address customer misgivings about your AI systems?

As part of the fight against the effects of climate change, a global effort has been kickstarted to reduce the use and production of hydrofluorocarbons (HFCs) due to their high global warming potential (GWP). For their part in this HFC phasedown, the Environmental Protection Agency (EPA) is asking organizations to report their HFC allowance, and the deadline to do so is May 31, 2024.

If you’re considering undergoing a FedRAMP High Assessment, you must understand that this is the most rigorous baseline among the standard FedRAMP options, making it a daunting—if necessary—endeavor. What would likely help is knowing what’s coming in more detail so that you can better prepare.

Incident response has always been an important component of PCI DSS—in Requirement 12.10, the standard provides critical guidelines for the timeliness, preparedness, and continuous improvement of incident response management. That being said, new related requirements and clarifications have been introduced under v4.0 that add complexity and effort to the mandates from v3.2.1.