PCI compliance is a hot topic these days. While payment processing seemed like the domain of large enterprises and retailers, the expansion of cloud-based processing and online storefronts have blurred the lines between processors, merchants and secure, compliant systems. 

Many organizations seek their PCI compliance certification to cover their bases with payment processing and data storage. As these enterprises collect card data, payment information, and other data types, this compliance helps them maintain good standing with the credit card companies and their customers. 

Learn the basics of PCI compliance and auditing in this article. 

Read More

The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments. 

Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the market, many organizations opt to get a SOC 3 report. 

Read More

We’ve already been seeing the changes for months now: new, robust cookie acceptance disclaimers, longer and more involved data collection forms and an uptick in fines for U.S. companies operating in the European Union. 

Companies in the United States are starting to understand their regulatory responsibilities under EU law, but few actually understand the scope of their obligations. Here, we’ll discuss some of the impacts that GDPR has on U.S. businesses and if that will trickle down to companies of all sizes. 

Read More