The Most Impactful Changes to PCI DSS v4.0

by Hannah Grace Holladay / March 21, 2024

Auditor Insights Webinar Recap The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards established to protect credit and debit card transactions from fraud and data breaches. The standard is updated regularly to adapt to new security threats and changes in technology. Version 4.0 will be released and required by March 2025.  In this webinar hosted by PCI-expert Randy Bartels, we explore the most impactful…

GDPR Readiness: Conditional Requirements

by Sarah Harvey / December 16, 2022

Because of the complexity and ambiguity of GDPR, it’s difficult for organizations to determine which requirements are absolute and which are conditional. These requirements can have a significant impact on budget, leadership, policies, and the project plan for compliance. In this webinar, KirkpatrickPrice’s Director of Regulatory Compliance, Mark Hinely, leads a discussion on mandatory versus conditional requirements, provides in-depth examples of conditional requirements, and explains the implications of treating conditional…

Using the HITRUST CSF Maturity Model

by Sarah Harvey / December 16, 2022

Organizations are often overwhelmed by the technical terminology and the number of requirements in the HITRUST CSF. However, while the HITRUST CSF may be daunting at first glance, the HITRUST CSF is not like any other framework. Achieving HITRUST CSF certification goes beyond showing whether or not you’re doing something, but instead it shows how well you’re doing it. In order to do this,  organizations are scored on how well…

GDPR Compliance Best Practices for Today and Tomorrow

by Sarah Harvey / February 6, 2023

Ensuring that your organization is GDPR compliant is paramount if your call center collects, stores, processes, or transmits the personal data of EU data subjects. Because of this, we suggest following these GDPR best practices: Data Mapping: Organizations need to identify where their data is coming from and where it goes. A call center associate might collect a name, date of birth, and email address, but a payment collection associate…

Management’s Responsibilities During a HITRUST CSF Assessment

by Sarah Harvey / December 16, 2022

What is an Executive Charter? When your organization begins preparing to undergo a HITRUST CSF assessment, management needs to review what their own responsibilities are, regardless of how seemingly small some of them might seem. For example, does your organization have an executive charter in place that delegates the responsibilities of the CISO? What level of involvement do your C-level executives have in your information security program? In this webinar,…