The federal government has strict and comprehensive regulations on how agencies handle constituents’ personal information. This is just as true for tax information. The IRS leans on established guidelines associated with federal security to dictate regulations for agencies that handle tax information and, by and large, treats that information as a sensitive and critical part… Read More
Many enterprises are looking for ways to increase their security and to protect their interests. As the world of cybersecurity, legal risk and operational challenges become more and more complex, checklist compliance regulations just aren’t going to cut it. That’s why governments and private organizations are increasingly turning to risk management as a tool for… Read More
Following the continuous rage of the COVID-19 pandemic, organizations face a difficult task to secure the workload and devices of the employees scattered around the world. As a home has become the new office, it unveiled serious organizational cybersecurity gaps. Experts say that simply installing antivirus software or encrypting traffic on a company-issued MacBook is… Read More
Corporate compliance is a major undertaking for a few reasons–IT systems become complex, work forces grow to hundreds of individuals with different levels of access to information and public corporations must file difficult financial and security attestations annually to prevent fraud. One of the essential forms of financial and IT compliance for publicly-traded companies in… Read More
SOC 2 is one of the most well-known and well-respected compliance frameworks for businesses wanting to show partners and clients that they take security seriously. With the help of expert auditors and supportive security professionals, SOC 2 can quickly become a standard part of doing business in nearly any industry. Organizations attempting to meet SOC… Read More
PCI compliance is a hot topic these days. While payment processing seemed like the domain of large enterprises and retailers, the expansion of cloud-based processing and online storefronts have blurred the lines between processors, merchants and secure, compliant systems. Many organizations seek their PCI compliance certification to cover their bases with payment processing and data… Read More
The unveiling of CMMC 2.0 last November raised a lot of questions, but also brought a lot of relief. The streamlining of security around Controlled Unclassified Information (CUI) will help defense agencies and contractors better secure their systems without burdening them with operational overhead. This is crucial for organizations who want to support these agencies… Read More
The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments. Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the… Read More
FISMA is one of the foundational cybersecurity documents in the U.S. government. Its passage in 2002 and subsequent update in 2014 have defined the security landscape for federal IT systems and associated contractors. However, a one-two punch from Congress and the President has changed things again. With recent cyber threats causing major damage to public… Read More
The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks. However, at its… Read More
Security isn’t simply something to consider during audits. In today’s evolving threat landscape, new attacks are emerging every day, and security experts are racing to stay ahead of them. The best approach to mitigating security is to maintain proactive cybersecurity practices, including testing, self-assessments and application scanning. Because many organizations are using or deploying web… Read More
We’ve already been seeing the changes for months now: new, robust cookie acceptance disclaimers, longer and more involved data collection forms and an uptick in fines for U.S. companies operating in the European Union. Companies in the United States are starting to understand their regulatory responsibilities under EU law, but few actually understand the scope… Read More
The California Consumer Protection Act (CCPA) was a landmark law passed in California to support data privacy and consumer rights. As time has marched onward, new technologies and insights from stakeholders have introduced new approaches to the challenges addressed by CCPA. That’s why Proposition 24, the California Privacy Rights Act (CPRA), was drafted and passed… Read More
The General Data Protection Regulation (GDPR) is a set of regulations enforced in the European Union to protect consumer data privacy and instill new controls over data ownership and use. While only having jurisdiction in the EU, this law has had a major impact on how companies do business in Europe, especially digitally. Here, we’ll… Read More
Lazarus Alliance Partnering Provides Audit & Compliance and Regulatory Support You have customers working with you today who need or demand additional support for their own compliance, risk, governance, and cybersecurity programs. Maybe your firm is a Public Accounting Firm and your clients work with you on taxation, but they also require a SOC 1… Read More
Government agencies and contractors in the supply chain face threats every single day. If you haven’t read the news lately, our national infrastructure and data systems face significant challenges in maintaining the security and integrity of their devices, applications and network resources. When agencies and contractors want to connect to any sensitive system, the Department of… Read More
In a previous article, we discussed GDPR compliance for businesses in the European Union. Simply put, GDPR changed the way that businesses can use consumer data for marketing and business purposes while giving more control to consumers in terms of how that data is stored, deleted or transmitted. While GDPR is not a standard in… Read More