GDPR 2 years on - what happened to all the hype?

May 2020 marks the second year that GDPR has been in effect and we have already seen some significant fines totalling over $126 million.  Google has...

How SOC audits help businesses during uncertain times

How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report...

Business Efficiency: the hidden benefit of an information security program

During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency.  While...

How can a Risk Management platform support your business during a crisis?

We are all getting used to our new “normal” but many businesses, both big and small, have been caught off-guard by the COVID-19 crisis. Having to...

Using Risk Management strategies to help us effectively Socially Distance

As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute...

Is Zoom just the tip of the iceberg?

From the recently announced privacy issues being investigated by the New York Attorney General at Zoom, all the way back to the Zenefits scandal in...

7 Tips to Reduce Risk Stemming from Remote Work

If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work.  At present, 1...

5 Biggest Mistakes Companies Make in Vendor Risk Management -- and how to avoid them

Vendor Risk Management is a hot topic at the moment and for good reason.  A recent study by the Ponemon Institute showed 59% of companies have...

Top 5 Questions (and answers) about Vendor Risk Management

If you missed our recent webinar “Re-thinking Vendor Risk Management” you can listen to it free and on-demand here.  In the webinar we talked about...

Checking in on HIPAA in 2020

What do you need to know about HIPAA in 2020? This year, the changes are not so much about HIPAA itself, but about things that directly affect how...

Top 10 Considerations for GRC Software Tools

When we talk to customers, prospects and even audit partners, they are often overwhelmed with the choices they have for GRC tools.  There is a lot of...

Super Bowl Fever at Ostendio - Football and Security have more in common than you might think!

We are huge football fans at Ostendio!  Even though we spend our days helping customers with their cybersecurity challenges, many of us also...

Why Integrated Risk Management is Becoming the Preferred Approach to Data Security

There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare...

Unpacking the SCF Capability Maturity Model

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...

Cybersecurity Dictionary for 2019

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re...

5 Trust Service Criteria of a SOC 2 Report

A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are...

SOC 2 vs. SOC 1 or SOC 3: Which SOC Report Do I Need?

A Systems and Organizational Controls (SOC) report provides guidance on standards that should be used for operational and technological business...

Preparing for the CCPA? 6 Steps to Get You Started

We hear about personal data breaches and cybersecurity attacks daily in the news. The California Consumer Privacy Act (CCPA) is one state’s answer to...

New Document Management Capabilities in Ostendio MyVCM

Sometimes what seems like a low-level feature can actually be a very big deal in the world of cybersecurity and compliance. That’s why I’m really...

7 Reasons Companies Can’t Avoid a Security Risk Assessment

If you’re a company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that thought. When...

Risk Management: What does it Mean to your 2019 Security Strategy?

For CISOs, data risk is like a fire underfoot. Data’s very fluidity and its constant generation makes a complete lockdown impossible - no matter...

5 Things to Know Before Buying Compliance Management Software

How do you choose the right compliance management software? Technology can seriously streamline compliance management efforts and help you...

Why the California Consumer Privacy Act is Important to all Online Users

No matter the criticism of the “rush job” regarding the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the...

Are you Managing your Vendor Risk?

It’s not uncommon today for businesses to outsource certain services to third-parties. However, with outsourcing, the risks of the service...

Can a Compliance Audit be Pain-Free?

No one ever looks forward to a compliance audit. However, there are steps you can take to alleviate some of the pains felt before an audit, and it...

How to Help Employees Rethink Compliance and Security

What’s your current approach to compliance? Policies and procedures in place, a security risk analysis every eighteen months, and an annual slide...

What the HITRUST & NIST Alignment Brings to Healthcare Organizations

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...

Big Cyber Growth in the Greater Washington Area

On Tuesday April 22nd, Ostendio’s CEO, Grant Elliott, and I attended DCA LIVE’s 2018 BIG Cyber Growth Summit. As a cybersecurity product company...

Curiosity Killed the Healthcare Organization

Study Shows that Healthcare's Internal Security Breaches Exceed External Ones. Was that Lady Gaga in the emergency room? What kind of procedure is my...

Security Awareness Training vs Human Error: Can it Make the Difference?

Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to...

'We’re a US Company, the EU’s GDPR doesn’t apply!' Think again.

If you collect any EU resident’s identifying data as broadly defined under the EU’s General Data Protection Regulation, aka GDPR, you now have...

Should you Integrate your GRC Platform with your Back-End Systems?

One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems.  While...

How to Prepare for a SOC 2 Audit

Security certifications are fast becoming need-to-haves for vendors and technology firms. Certifications, such as SOC 2, can offer a cost-efficient...

How about a Cybersecurity Resolution for 2018?

It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no...

Compliance and Security: Why One Does NOT Equal The Other

It’s an all-too-common misunderstanding, but a robust information security program doesn’t mean you’re in compliance with whatever regulations...

Understanding ISO-27001 Requirements

What is ISO-27001? ISO-27001 is a globally recognized security framework.  It aims to “provide a model for establishing, implementing, operating,...

Top 5 Predictions for Healthcare Cybersecurity in 2017

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...

End-of-Year Round Up: 3 Must Read Ostendio Blog Posts

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization...

Compliance & Risk: Has the Zenefits Lesson Changed the Game?

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...

FDA Guidance : “Go Ahead & Share”

FDA encourages Medical Device Manufacturers to share Patient Data. In the digital age of healthcare, consumers are...

The Brave (not so new) World of Compliance & Cybersecurity

GUEST BLOG: Our guest blog post this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information...

Whipped Into Shape: 5 Compliance Questions To Ask Your Digital Health Partners

We are excited to have a guest blog post from Irina Ridley, Privacy and Compliance Officer for Omada Health. Irina offers practical guidance for...

Zenefits is Just the tip of the Iceberg – 4 Reasons Why

The digital health market was rocked by the recent announcement that HR services darling Zenefits has gone from ‘rock star’ to a symbol of Silicon...

You Took an Online Risk Assessment!

THINK YOU ARE COMPLIANT? THINK AGAIN! A key first step in being compliant with most security regulations, including HIPAA, is the completion of an...

Achieving compliance in the cloud

With the advent of cloud-based services and the ability of mHealth to move data outside the healthcare setting through these portals, the cost of...

Concerned about HIPAA Compliance? If You’re a Health Startup, Yes

This article first appeared on 1776dc.com on January 7th, 2014.  (Photo courtesy of Flickr / USDA) I typically can tell if a health-tech startup...

Why mere compliance increases risk

In some cases, poor training is as bad as, if not worse than, no training at all, say John Schroeter and Tom Pendergast. By John Schroeter and Tom...