Security certifications are a must for vendors and technology firms. Many organizations choose SOC 2 as a way of demonstrating effective risk management practices and meeting regulatory requirements. Holding a SOC 2 shows that your organization takes security seriously and now, more than ever, ...

CIOs have mostly ridden out the remote work surge caused by COVID-19. The employees who can work remotely are now safely settled in their home offices and CIOs have systems in place to handle the more distributed access requirements. So what should a CIO turn to next? The answer is simple: re-think ...

May 2020 marks the second year that GDPR has been in effect and we have already seen some significant fines totalling over $126 million. Google has taken the biggest hit so far with a January 2019 fine of $53 million from the French data protection watchdog. But what has it meant for small to ...

How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report (Systems and Organizational Controls) conducted by a CPA who is accredited with the AICPA. These auditing standards require an independent and ...

During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency. While investing time to build out your information security program may not seem like a cost saving idea, it can actually introduce significant operational savings. ...

We are all getting used to our new “normal” but many businesses, both big and small, have been caught off-guard by the COVID-19 crisis. Having to move to a remote work situation for employees and manage a business in a crisis situation was a shock to many. However, we shouldn’t ignore the lessons ...

As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute to be effective social distancing and therefore the risk they are willing to accept. At Ostendio, we manage risk every day and there are similarities ...

From the recently announced privacy issues being investigated by the New York Attorney General at Zoom, all the way back to the Zenefits scandal in 2016, well funded venture backed companies have a history of falling foul of basic state and federal regulations regarding privacy and security. Is it ...

If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work. At present, 1 in 3 Americans are being asked to stay at home and, for some, work from home, including the entire Ostendio team. In addition to practical ...

Vendor Risk Management is a hot topic at the moment and for good reason. A recent study by the Ponemon Institute showed 59% of companies have suffered a data breach at the hands of their third party vendors and many don’t know how to tackle the issue. At Ostendio we deal with customers from across ...

If you missed our recent webinar “Re-thinking Vendor Risk Management” you can listen to it free and on-demand here. In the webinar we talked about managing the risks associated with vendors and how traditional solutions have failed to solve those problems. Our webinar shared practical advice and ...

What do you need to know about HIPAA in 2020? This year, the changes are not so much about HIPAA itself, but about things that directly affect how organizations operate in the shadow of HIPAA. There is a lot of chatter in the data security and privacy world right now about GDPR in Europe and CCPA ...

When we talk to customers, prospects, and even audit partners, they are often overwhelmed with the choices they have for GRC tools. There is a lot of vendors-speak, confusing terminology, and varying opinions on where to start. Sometimes it helps to break the problem down to the basics, then build ...

We are huge football fans at Ostendio! Even though we spend our days helping customers with their cybersecurity challenges, many of us also moonlight as fantasy football professionals, or at least we think we do. With the Super Bowl this coming weekend, we started talking about how football and ...

There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare to retail – has focused on the threat prevention aspect of data security. We train employees on compliance, how to recognize PHI and personally ...