• NIST 800-53 Rev. 5 Update is Coming Soon…

    NIST 800-53 Revision 5, Security and Privacy Controls for Systems and Organizations, is under final review, which was just extended to May 29, 2020. The draft version is available at https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft. We recommend that you start reviewing it now so you can predict how the new standard will impact your current implementation and documentation. We ... Read More →

  • SMS-Messaging Patients is Easy – But is it HIPAA Compliant?

    Mr. Bedman, a new homecare patient, isn’t feeling well. So his daughter texts a nurse at his physician’s office. The nurse texts back with questions about symptoms and activity levels, and receives a reply prompting the nurse to consult with the doctor. After a few moments the nurse returns a text to the daughter with ... Read More →

  • Does Your Business Need to Comply with GDPR?

    The requirements of the European Union's General Data Protection Regulation (GDPR) for US companies that collect, maintain or process EU citizens' personal data will be significant, and compliance is not optional. When GDPR takes effect on May 25, 2018, the European Commission will enforce the regulation around the world through administration of major fines. ... Read More →

  • Your Vendor, Your Responsibility: 10 Key Elements for Vendor Selection Criteria

    Supplier and vendor vetting is a critical security activity that is sometimes treated lightly by even the most secure organizations. If you share client data with your vendors, it is imperative that they have at least the same level of security as your organization. Vetting activity can be performed in-house or can be outsourced ... Read More →

  • The Deadline for SP 800-171 Has Come and Gone: What to Know and Do If You Missed It

    For government contractors who deal with Controlled Unclassified Information (CUI), the deadline for compliance with DFARS 252.204-7012/NIST SP 800-171 came and went on December 31, 2017. Did you make it? The purpose of 800-171 is basically two-fold: to ensure that those who handle CUI have in place standardized security procedures, allowing the government to assess ... Read More →