Regulators often require organizations to assess their privacy and security compliance. In addition, companies that are not yet regulated still benefit from the reductions in liabilities afforded to those who prepare strong privacy, security, and cybersecurity programs before they have incidents. Healthcare has enforced complex rules for both privacy and security since 2009, with requirements for regular privacy and security assessments that gauge compliance with the 2 HIPAA rule sets.
Moreover, non-healthcare industries, such as financial, investment, and government contracting of classified and non-classified data, all have regulatory assessment requirements, mostly for security. SOX (Sarbanes-Oxley), GLBA (Gramm-Leach-Bliley Act), DFARS NIST SP 171, PCI-DSS (credit cards), and others cover these different market spaces. The latest trend has been the rise of privacy rules, with GDPR (General Data Protection Rule) and CCPA (California Consumer Protection Act) paving the way. Many believe other states and the federal government will follow California’s steps in enacting consumer privacy protections. These rules will be widespread and will work with various security rules to cover any type of business that manages personally identifiable information.
While these assessment types differ, their similarities allow for the required assessment processes to be managed in a uniform manner.
In this practical webinar, you will learn the different assessment requirements and their associated rule sets. You will also explore examples to facilitate understanding of how to perform these assessments utilizing actual assessment and policy management tools. Among other things, you will address privacy management and security policy creation.
Upon course completion, you will be able to:
- Navigate the complex world of measuring privacy and security regulatory compliance using assessments.
- Outline the newer regulatory requirements, including GDPR (General Data Protection Rule) and CCPA (California Consumer Protection Act).
- Perform these assessments and identify the result of assessments, e.g. prioritized remediation plans including policy creation and updates.
- Recognize how real-world assessment and remediation processes flow and operate.
- Address real assessment questions and the scope and content of various assessments.