Its All About Ethics
All ISO27001 certified companies (not just compliant but certified) certainly have a stronger foot while competing for contracts and customers in the market. But being certified is not enough, they know this and hence they need to do Internal ISMS audits to ensure they are meeting the ISO27001 ISMS objectives of information security. Although, it’s…
A flexible framework to manage and mitigate present and future security risks in industrial automation and control systems is provided by the ISA/IEC 62443 series of standards, developed by the ISA 99 committee and adopted by the International Electrotechnical Commission (IEC). While many cyber security standards are successful in business IT environments, the ISA 62443…
Information security is becoming increasingly vital in the digital era to preserve competitiveness. This is especially true in the automotive industry, where companies often communicate large amounts of sensitive data that must be protected from theft, loss, or manipulation. OEMs and their suppliers produce one of the world’s most complicated supply chains. Several individual manufacturers…
So, you are trying to onboard a new customer, a customer who you have been going after for a while, a customer who can bring good fortune to the organization and then when you are almost certain that the deal is yours, they asks if you are ISO 27001 certified or not. You are not…
Why HIPAA and GDPR cannot replace each other? Its a misconception that GDPR and HIPAA can replace each other. Many companies misconstrue both the compliances. They think that HIPAA is USA, GDPR is EU and both talk about personal information. They further think that implementing one, means automatically implementing the other. Unfortunately that is not…
What is the difference between SOC2 Type 1 report and Type 2 report? A SOC report helps organizations that provide a given type of service to another organization show the effectiveness of their internal controls environment. A SOC 2 audit provides both detailed information and assurance of the service organization’s controls relevant to security, availability,…
GDPR Compliance for Mobile Apps Many mobile apps handle PII (Personally Identifiable Information), which can be as simple as person’s name, phone number and address. Or it can be as complex as their fingerprint details captured via mobile device and the app running on it. The GDPR compliance (General Data Protection Regulation) mandates that the…
While there are many companies going for or considering GDPR implementation after 25th May 2018, there are a bunch of those who are still contemplating on what to do about it. GDPR is not as easy to implement as ISO 27001 and requires a very different approach. This is especially true and gets further complicated…
To the question in title, if I was a hacker I would ask myself “why not”?. Its simple really. Hackers always go for the data which either they can use for themselves or they can sell and earn money. PHI (Personal Health Information) or the EHR (Electronic Health Records) data is that form of electronic…
While choosing ISO27001 consultant or implementation partner, usually companies do not know the basis on which they should select the right vendor. Due to lack of adequate awareness and hence as a common practice, organisations choose to select ISO27001 Consultant Company purely based on cost. Typical mistakes in implementing ISO27001 Compliance All those who are…