San Francisco, CA, USA
Dec 12, 2019 | By Thea Corteza
Organizations are often left wondering what is the difference between a certification granted by representatives of the Payment Card Industry (PCI) and that of obtaining compliance.
Dec 6, 2019 | By Shanna Nasiri
Dr. Maxine Henry, one of Reciprocity’s renowned GRC experts, led a webinar on the California Consumer Protection Act (CCPA). This sweeping legislation creates data privacy rights for covered consumers—which means it also imposes obligations on businesses to safeguard personal information. Before implementation on January 1, 2020, Dr. Henry discusses how to prepare.
Dec 5, 2019 | By Thea Corteza
The Sarbanes-Oxley Act of 2002 (SOX) is a law that implements regulations on publicly traded companies and accounting firms. SOX was created to improve the accuracy and reliability of corporate disclosures in financial statements and to protect investors from fraudulent accounting practices.
Dec 3, 2019 | By Thea Corteza
Organizations face an increasing number of compliance metrics. Risk management is of paramount importance and is feeding the need for governance. Terms like PCI DSS and NIST CSF are two frameworks that help enhance data security and manage risk. Often, it is the confusion on where businesses need to start that prevents them from taking action at all. It is important first to understand what PCI and NIST do, how they are related to each other, and how they are different to prevent analysis paralysis.
Nov 20, 2019 | By Maxine Henry
Patient health information is governed by robust rules that determine how this data is handled, stored, and accessed. Federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA) and various state laws strengthen patient rights. HIPAA set a baseline for regulatory compliance with patient health information. Under the “preemption” language in the rule, no state may create less effective or weaker medical privacy protection for individuals.
Jan 29, 2019 | By Reciprocity Labs
Get best practices for purchasing and implementing a GRC software tool and get tips on how to leverage your tool for ongoing success.
Jan 29, 2019 | By Reciprocity Labs
In an increasingly litigious society, you need technology that allows you to create business strategies based on these risks so that you protect your organization from the mistakes others make.
Jan 1, 2019 | By Reciprocity Labs
This paper explores several dimensions of Vendor Risk Management. First, why are vendor risks proliferating—why now, and where do they come from? Second, what steps are necessary to manage vendor risks? And third, how can CISOs and compliance officers implement those steps in a practical way, so you don’t spend all your time chasing vendors with risk management protocols?
Dec 1, 2018 | By Reciprocity Labs
When companies first determine they need a formal compliance program, many are unclear if they need a compliance tool to manage it. Many companies turn to Microsoft Excel as the compliance tool of choice when first undertaking a GRC program. This eBook covers where Excel makes sense and how to know when your program has outgrown Excel.
Jul 28, 2016 | By Reciprocity
While Microsoft Excel is flexible and powerful, it’s not designed to track compliance initiatives. Some companies can get away with using an Excel spreadsheet for simple compliance requirements. However as your organization matures the need for compliance software will quickly grow.