FIPS 140-2 is a set of publicly announced cryptographic standards developed by the National Institute of Standards and Technology. It is an essential part of FEDRamp requirements for many governmental agencies in the US and Canada, as well as their business partners from all around the world. Furthermore, as a well established and verified security standard, an increasing number of large companies and financial institutions are asking for FIPS compliance.

With the implementation of electronic health records (EHRs) into practices, patient experience has improved, among other advancements at the point of care. These include better access to patient records and highly efficient care delivery. While these are some significant benefits, some practices experience certain drawbacks too, such as temporary slowdown of processes during EHR transition and high ongoing maintenance costs. One of the most pressing issues include patient record retention.

As compliance managers, we often find ourselves in a struggle. Our responsibility is to uphold compliance standards but in order to achieve this, we need to “sell” the concept to the relevant stakeholders, inter alia the business teams and R&D. We’re put in the position of justifying required changes and processes and are thus mistakenly perceived as business “stoppers” and not enablers.

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

When an organization is ready to deploy a new solution, or build a new system, there is often a continuing discussion about the relative merits of using the cloud versus deploying on-premises. While there are a number of aspects that play into this decision, it is not always clear which is the better solution for security and compliance. Typically, deployment issues are not clear because security and compliance solutions quickly change when you are using shared vs. dedicated environments.

Here's how an agreement between Japan and the European Union will impact the safety of data transfer.

Compliance departments are beginning to turn to website monitoring tools to help bolster their compliance monitoring efforts as it’s become increasingly difficult for these firms to remain compliant with industry regulations in recent years. Firms operating in highly regulated / legacy industries suddenly find themselves more vulnerable than ever to fines and penalties from regulators.