Blog

As the EU's digital landscape evolves, so does its regulatory environment. With the NIS2 Directive, the Cyber Resilience Act (CRA), and the Digital Operational Resilience Act (DORA) all advancing on different timelines, organizations must prepare for a complex yet increasingly harmonized set of cybersecurity and resilience expectations.

The National Security Division (NSD) of the U.S. Department of Justice (DOJ) issued a Final Rule announcing a new Data Security Program (DSP) under Executive Order 14117: Preventing Access To Americans' Bulk Sensitive Personal Data And United States Government-Related Data By Countries Of Concern. Focused on protecting “covered data” transactions, the goal of the DOJ’s Final Rule is clear—prevent access to U.S government-related data and Americans’ sensitive personal data from:

Organizations complete mergers and acquisitions (M&A) all the time, be it for growth and expansion, to further synergize or diversify, or for other incentives. And as varied as your reason(s) may be for your latest realignment, there is one consistent impact M&A has no matter the driver—the effect on your ongoing compliance cycles. As such, you need to have a plan to properly adjust, especially since there are different paths you can take when accommodating such an organizational shift.

In today’s complex and constantly evolving regulatory environment, businesses face an ever-growing array of compliance requirements across multiple frameworks ranging from FedRAMP, PCI, ISO, GDPR, and HIPAA, to name a few. Navigating these compliance waters is increasingly challenging, particularly with regards to cybersecurity and data protection. However, there are measures you can take to significantly refine your compliance processes. In this article, we will explore how streamlining all of your compliance efforts with a single trusted provider can not only simplify your processes but also enhance your overall security posture.

When positioning your organization to achieve its SOX ITGC objectives and reporting obligations, you can’t take any chances for fear of negative fallout. And while establishing a team of dedicated internal IT audit professionals can help streamline those processes, there are challenges in maintaining such a team—just as there are advantages to substituting an independent IT audit team instead.

In the fast-paced world of business, trust and credibility are table stakes. You've likely invested in compliance certifications to demonstrate your commitment to industry standards. But are you prepared to meet the rising expectations of a new generation of stakeholders who demand more than just compliance?

Back in 2018, the French government introduced—by way of its Public Health Code (Article L.1111-8)— HDS certification, mandating that all entities hosting personal health data must successfully achieve certification. Now, in 2024, they’ve published a new HDS framework with changes, expositions, and removals of language that organizations affected will need to know in order to comply.

As technology continues to evolve and become more robust, organizations have realized they need expertise and to be proactive in identifying risks and implementing controls. But even as new solutions are introduced, the backbone of many compliance and cybersecurity initiatives—including SOX— remains an organization’s internal technology general controls (ITGCs).