Compliance

ISO 27017 & ISO 27018 Compliance Documentation

Cloud services offer great scalability and flexibility. However, adopting cloud services is challenging for a company because it raises security concerns. Even if it is ISO 27001 certified, a company that uses or provides cloud-based services must see what the ISO standards for cloud computing have in store for…

SOC 2 FOR SERVICE ORGANISATIONS

SOC for Service Organizations reports are designed to help service organizations that provide services to other entities build trust and confidence in the service performed and in the controls related to those services through a report. Each type of SOC for Service Organizations report is designed to help service organizations meet specific user needs. Which SOC Report…

Cyber Security Definitions

Confidentiality is the term used to describe information/data privacy, which means the information is not made available or disclosed to unauthorized entities or individuals. Integrity is the term used to describe information/data accuracy and completeness throughout its lifecycle. That means that the data cannot be modified by unauthorized entities or individuals. Availability is the…

HIPAA Compliance for Mobile Apps

With lots of mobile apps handling or processing PHI (Personal Health Information), HIPAA (Health Insurance Portability and Accountability Act) compliance is becoming a mandate for such apps. This article clarifies which points should be considered to make an Android or iOS mobile application compliant with HIPAA…

FedRAMP Cyber Security Certification 5

Q. What is FedRAMP?
A. The Federal Risk and Authorization Management Program (FedRAMP) is a US government program that provides a unique approach toward security assessment, authorization, and continuous monitoring for cloud products and services.

Q. Is FedRAMP mandatory?
A. Yes, FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low,…

FedRAMP Cyber Security Certification 4

Goals and Benefits of FedRAMP

The goals of FedRAMP are to:
1. Ensure use of cloud services adequately protects and secures federal information.
2. Enable cloud services’ reuse across the federal government wherever possible to save money and time.

Benefits of FedRAMP are:
• FedRAMP is a government-wide program that provides a standardized approach to…

FedRAMP Cyber Security Certification 3

FEDRAMP SECURITY ASSESSMENT FRAMEWORK

The FedRAMP SAF is compliant with FISMA and is based on NIST Special Publication 800-37. Federal agencies are required to assess and authorize their information systems in accordance with FISMA. FedRAMP specifies a set of controls for Low and Moderate security impact level systems based on NIST baseline controls (NIST SP…

FedRAMP Cyber Security Certification 2

FedRAMP Features:

FedRAMP was created out of the Federal Cloud Computing Initiative to remove the barriers to the adoption of the cloud.
• Cloud computing offers a unique opportunity for the federal government to take advantage of cutting-edge information technologies to dramatically reduce procurement and operating costs and greatly increase the efficiency and effectiveness…

FedRAMP Cyber Security Certification 1

OVERVIEW

FedRAMP, the Federal Risk and Authorization Management Program, is a United States Government program that standardizes how the Federal Information Security Management Act (FISMA) is applied when cloud computing services are used. FedRAMP provides a definitive approach to security assessment, authorization, and continuous observation of cloud-based services. FedRAMP reduces the cost of FISMA compliance…

SOC2 Compliance for Startups

SOC 2 FOR SERVICE ORGANISATIONS

SOC for Service Organizations reports are designed to help service organizations that provide services to other entities build trust and confidence in the service performed and in the controls related to those services through a report. Each type of SOC for Service Organizations report is designed to help service organizations meet specific…