Blog
Page 28 of 152
What Is ISO 14001?
ISO 14001 is the international standard that specifies requirements for an effective environmental management system to achieve ISO compliance. An environmental management system consists of policies, processes, plans, practices, and records that govern how an organization interacts with the environment. That system should be tailored to each organization because the legal requirements and environmental interactions […]
November 28, 2023
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule, formally known as the Standards for Privacy of Individually Identifiable Health Information, is a cornerstone of healthcare compliance. Enacted under the Health Insurance Portability and Accountability Act (HIPAA), this rule is the bedrock for safeguarding sensitive health records and protecting Individually Identifiable Health Information (IIHI). Its scope is comprehensive, encompassing all […]
Tags: HIPAA
What is GDPR?
The GDPR (General Data Protection Regulation) is a data protection law that mandates all companies doing business within the European Union (EU) member states to comply with strict new rules protecting the personal data and privacy of people living in the EU (data subjects). Effective May 25, 2018, the General Data Protection Regulation replaces the […]
Tags: GDPR
What is PCI DSS certification?
Understanding PCI DSS Certification vs. Compliance
There is no “PCI DSS certificate” in the traditional sense because payment card data security is an ongoing process, not a one-time achievement. However, larger merchants must obtain an annual Report on Compliance (ROC) from a Qualified Security Assessor (QSA) or Internal Security Assessor to demonstrate their PCI DSS […]
Why is FedRAMP Important for State and Local Agencies?
The Federal Risk and Authorization Management Program (FedRAMP) was launched by a group of federal agencies that realized the efficiency of having a single risk-based standard for Cloud Service Providers (CSPs) rather than each federal agency developing its security assessment program from scratch when forging a business relationship with an industry partner. As all organizations […]
What is PCI PA-DSS?
The Payment Application Data Security Standard (PA-DSS) is a program designed to help companies like software vendors build secure payment applications that don’t store “prohibited data,” such as full magnetic stripe, PIN data, or CVV2. PA-DSS makes sure payment applications support PCI DSS compliance. But, the use of a PA-DSS-compliant application by itself isn’t the […]
To Whom Does the CCPA Apply?
The California Consumer Privacy Act (CCPA) applies to certain for-profit businesses that collect or have collected the personal information of California residents, whether or not those businesses are located in California. Often compared to the European Union’s General Data Protection Regulation (GDPR), the CCPA is the most stringent data privacy law in the United States. […]
Tags: Audit Management, CCPA
What is COSO?
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed initially to enable the National Commission on Fraudulent Financial Reporting. It was founded by five significant professional associations: The American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Internal Auditors (IIA), and the […]
Tags: Audit Management, COSO
PCI Scope: What Is it & Best Practices
E-commerce is a huge commercial realm, with some 2.14 billion digital buyers worldwide by the end of 2021. At the heart of e-commerce is the ability to keep payment card data secure during online transactions, and at the heart of payment card security is Payment Card Industry (PCI) compliance. Technically, PCI compliance is not required […]
What Is a SOC 2 Readiness Assessment and Why Do You Need It?
SOC 2 audits are independent assessments of your company’s cybersecurity posture, and those audits are no walk in the park. Hence it would be wise for your company to undertake its own SOC 2 readiness assessment first, so that you can identify and correct problems before the external auditors find those issues for you. First, […]