What Your MSP Should Know About HIPAA Compliance

Apr 8, 2021 Continuum GRC 0 Comment

The complexity of healthcare service demands robust technical infrastructure. Advances in patient treatment, research, diagnostic tools and even predictive analytics and AI have pushed technologies available to healthcare providers, which means that these organizations turn to expert providers to give them new tools and features to revolutionize their patient care models. This increased reliance on Cloud Service Providers (CSPs) or a Managed Service Providers (MSP) means that these organizations must rely on HIPAA-compliant technologies, which means counting on HIPAA-compliant vendors to provide them.

Here, we discuss why HIPAA compliance is so important to MSPs, and why MSPs must not only be compliant but work with security experts and compliant partners as part of their operations.

How to Prepare for the Upcoming PCI DSS 4 Update

Mar 31, 2021 Continuum GRC 0 Comment

The Payment Card Industry Data Security Standard is a voluntary security framework to help protect customers and merchants against the theft of credit card data during POS transactions. Like many other compliance frameworks, PCI DSS has continually evolved over the years to match new technologies and new threats to the privacy of consumers shopping online and off. As of 2021, the PCI Security Standards Council has announced the newest version of PCI DSS, version 4.0.

While the official documentation for the updated standard has, as of March 2021, not been released, many merchants and banks are preparing for the transition. Here are some basics into PCI DSS and the move to version 4 coming Summer 2021.

Is CMMC Compatible with FedRAMP Certification?

Mar 31, 2021 Continuum GRC 0 Comment

Any IT or cloud provider working with the government needs to show that they are secured against data breach or theft. As the SolarWinds hack has demonstrated, our interconnected technology systems are under attack from outside entities who want to gain access to critical civil, military, and industrial data and undermine our security. That’s why frameworks like FedRAMP and CMMC exist.

But do these frameworks play well together? As of right now, there isn’t a clear 1-to-1 relationship between the two. But some similarities between the two could help cloud service providers who want to work with defense agencies prepare their systems for CMMC compliance if they currently have FedRAMP certification.