HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are the organizations to which HIPAA applies. Under Title II of this act, the US …

PCI DSS ASV scanning explained for dummies

Organizations across the globe are increasingly adopting PCI DSS to demonstrate that they securely store payment card data. The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements laid down by the PCI SSC (PCI Security Standards Council). Over the years, PCI DSS has become a reasonably expected compliance …

PCI DSS compliance for your Azure hosted SaaS

Cloud computing has brought in a paradigm shift and transformed how organizations across the globe offer their services. Instead of setting up physical infrastructure, most organizations prefer moving to a cloud environment for on-demand access to resources. Cost-effectiveness and minimal management requirements further push SaaS providers to rely on cloud infrastructure, as compared to physical …

Penetration Testing and Vulnerability Scanning Requirements for PCI DSS

Penetration testing and vulnerability scanning exercises have become standard practices for modern-day enterprises. In our latest series of blog posts, we are discussing how these exercises meet the compliance requirements of various standards, laws, and regulations. We discussed penetration testing and vulnerability scanning controls in ISO 27001:2013 here. In this article, we will be focusing …

PCI DSS Compliance for SaaS Companies – An Overview

An increasing number of Software-as-a-Service (SaaS) providers are now involved in the transmission and storage of cardholder data. Although they may not actually be processing the data, the mere notion of storage and transmission brings such SaaS providers under the scope of PCI DSS compliance. In this article, we explore what PCI DSS compliance means for …