There are many types of third-party vendors whose activities, as they relate to European banking and the financial market, are regulated by the European Banking Authority (EBA). These include cloud-based web hosts, call center providers, bookkeepers and various maintenance providers and software companies, among others. Working with these third-party vendors has many advantages, as it reduces costs and improves flexibility...

Organizations have much more than just data to lose in a third-party breach. Besides losing consumer confidence and loyalty, companies in both the United States and the EU can face costly penalties for violating data privacy regulations.  During National Cybersecurity Awareness Month (NSCAM), it’s appropriate for organizations to also be aware of the risks of non-compliance. Not complying with HIPAA...

Many organizations must comply with the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, which is also known as 23 NYCRR 500. Like numerous regulations, 23 NYCRR 500 is designed to protect sensitive non-public information. However, it is specifically meant for covered New York-chartered or licensed financial institutions such as credit unions, banks, insurance firms and mortgage companies, as...

The National Institute of Standards and Technology (NIST), part of the US Department of Commerce, establishes best practices that are considered some of the best standards throughout the world. Some of their standards focus specifically on information security and privacy and are particularly important when assessing cyber posture. NIST’s robust InfoSec and privacy standards are valuable because they are well thought-out,...

You want to grow your business, but your customers want to be sure that you have taken steps to prevent unauthorized access to their sensitive data and personal information. One effective way to demonstrate that your organization has the right security controls in place is through a Service Organization Control 2 (SOC 2).  Developed by the American Institute of Certified...

What is CCPA? The California Consumer Privacy Act (AB 375), which will go into effect on January 1, 2020, is expected to significantly strengthen data collection and privacy in the USA. Similar to the way the General Data Protection Regulation (GDPR) defined data privacy in Europe, the CCPA regulation is expected to set the standard for data privacy in the...

Organizations have much more than just data to lose in a third-party breach. Besides losing consumer confidence and loyalty, companies can face costly penalties for violating data privacy regulations. During National Cybersecurity Awareness Month (NCSAM), it’s appropriate for organizations to also be aware of the risks of non-compliance. Not complying with HIPAA can cost as much as $1.5 million per...

The SIG, short for "Standardized Information Gathering (Questionnaire)" is a repository of third-party information security and privacy questions, indexed to multiple regulations and control frameworks. SIG is published by a non-profit called Shared Assessments, and has been in existence for about 12 years. The SIG has become such a popular means to assess vendor security risk that more than 15,000...

It’s been one year since the General Data Protection Regulation was implemented, and it’s shaken up the way many companies approach data privacy and third-party cybersecurity. We asked Dov Goldman, Panorays’ director of risk and compliance, to share his insights about this sweeping regulation. What have been some of the biggest changes on the privacy and security front since GDPR...

The two-year implementation period for the New York Department of Financial Services (NYDFS) cybersecurity regulation, 23 NYCRR 500, will be over on March 1. This means that the final requirement involving entities that use third-party providers will soon become effective. What do companies need to know about the NYDFS regulation and deadline? Read on for some key guidelines. What is...