
The 4 categories of ISO 27001 controls

Information security is no longer optional; it is critical to running a successful, resilient business. ISO 27001, the international standard for information security management systems (ISMS), provides a structured approach to safeguarding information. Central to the standard are the 93 controls in Annex A of ISO 27001:2022, grouped into four themes: organizational, people, physical, and technological.

PCI 4 for SAQ-A & SAQ-A-EP: Everything Merchants Need to Know to Master PCI DSS 4 Compliance

PCI DSS 4 introduces new requirements for SAQ-A and SAQ-A-EP merchants. The key additions are Requirement 6.4.3, which covers management of the scripts loaded on payment pages (an inventory with a written justification for each script, a method to confirm that each script is authorized, and a method to assure its integrity), and Requirement 11.6.1, which calls for a change- and tamper-detection mechanism that alerts personnel to unauthorized modification of the HTTP headers and script contents of payment pages as received by the consumer browser. These requirements play a crucial role in preventing and detecting e-commerce skimming attacks, but they also require merchants to implement and operate new technical capabilities on their payment pages. Both apply to all scripts executed in a consumer's browser on payment pages, which PCI DSS defines as web-based interfaces that capture or submit account data.

Securing the Internet of Things: Protecting IoT Devices in the Modern Office

The Internet of Things (IoT) has changed how modern offices operate, introducing new levels of connectivity and efficiency. From smart thermostats to security cameras, IoT devices are now integral to daily office functions. This connectivity, however, comes with heightened security risk: attackers can exploit vulnerabilities in IoT devices to gain a foothold on sensitive networks, which makes these devices a prime target.

NIST AI RMF: Everything you need to know

The NIST AI Risk Management Framework (AI RMF 1.0), published by NIST in January 2023, is a voluntary and widely referenced framework for managing the risks of AI systems and improving their trustworthiness. If your organization uses AI in any capacity, adopting the NIST AI RMF is a significant step toward future-proofing your operations and strengthening customer trust in your AI.

TrustCloud Product Updates: December 2024

A core product tenet at TrustCloud is delivering a "Joyfully Crafted" user experience. As we wrap up 2024, the TrustCloud product and UX team went through all the user feedback we received this year and identified some key "quality of life" improvements that make the day-to-day experience more approachable. We're excited to share these updates with you.

SAQ A-EP: Top 5 Actions Merchants Must Take to comply with PCI DSS 4 Requirements 6.4.3 and 11.6.1 by March 31, 2025

SAQ A-EP is the PCI DSS self-assessment questionnaire for e-commerce merchants who outsource all payment processing to PCI DSS validated third parties but whose website can still affect the security of the payment transaction, for example because it delivers the payment page or the code that posts or redirects to the processor. PCI DSS version 4 introduces new requirements for these merchants, and the future-dated ones become mandatory on March 31, 2025. This article clarifies these changes and outlines the top 5 actions SAQ A-EP merchants should take before that date.
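The two PCI DSS 4 articles above describe Requirements 6.4.3 and 11.6.1 in terms of outcomes: an inventory of authorized payment-page scripts with an integrity check, and a mechanism that alerts when the headers or script contents of a payment page change. The following Python block is an added example written for this page; it is not code from the original articles, from TrustCloud, or from any PCI DSS document. It sketches what such a monitor does: it computes Subresource Integrity (SRI) hashes, checks every script tag on a payment page against an inventory and against the script body actually served, and compares the page and its security headers against an approved baseline. All URLs, script bodies, header values and pages are constructed sample data, and the inventory format is an assumption.

```python
"""Added example, not code from the original page or from any PCI DSS
document: a minimal monitor in the spirit of PCI DSS 4 Requirements 6.4.3
(authorized-script inventory plus integrity check) and 11.6.1 (change- and
tamper-detection for payment page content and HTTP headers).  Every URL,
script body, header value and page below is constructed sample data."""
import base64
import hashlib
import re

# 6.4.3: inventory of authorized payment-page scripts with a written
# justification for each.  Constructed sample; the format is an assumption.
AUTHORIZED_SCRIPTS = {
    "https://payments.example/sdk.js": "Hosted payment iframe SDK from the PSP",
    "https://www.example.com/js/checkout.js": "Merchant checkout button logic",
}

# Script bodies as the monitor fetched them (constructed sample).
FETCHED = {
    "https://payments.example/sdk.js": b"window.PaySDK={mount:function(el){}};",
    "https://www.example.com/js/checkout.js": b"PaySDK.mount('#frame');",
}

SRI_ALGS = ("sha256", "sha384", "sha512")


def sri_hash(body: bytes, alg: str = "sha384") -> str:
    """Subresource Integrity string for a script body, e.g. 'sha384-<base64>'."""
    if alg not in SRI_ALGS:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    return f"{alg}-{base64.b64encode(getattr(hashlib, alg)(body).digest()).decode()}"


SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def check_scripts(html: str, fetched: dict) -> list:
    """6.4.3 check: every <script> must be in the inventory and carry an
    integrity attribute that matches the body actually served.  Returns
    (script, finding) pairs; an empty list means the page is clean."""
    findings = []
    for m in SCRIPT_TAG.finditer(html):
        attrs = dict(ATTR.findall(m.group(1)))
        src = attrs.get("src")
        if src is None:
            findings.append(("<inline>", "inline script is not in the inventory"))
        elif src not in AUTHORIZED_SCRIPTS:
            findings.append((src, "unauthorized: not in inventory"))
        elif "integrity" not in attrs:
            findings.append((src, "no integrity attribute"))
        else:
            alg = attrs["integrity"].split("-", 1)[0]
            if alg not in SRI_ALGS:
                findings.append((src, f"unsupported integrity algorithm {alg}"))
            elif src in fetched and sri_hash(fetched[src], alg) != attrs["integrity"]:
                findings.append((src, "integrity mismatch: served script differs"))
    return findings


# 11.6.1: headers whose silent removal or change on the payment page should alert.
WATCHED_HEADERS = ("content-security-policy", "strict-transport-security", "x-frame-options")


def page_fingerprint(headers: dict, html: str) -> str:
    """Hash of the watched headers plus the page body, stored as the approved baseline."""
    canon = "\n".join(f"{h}: {headers.get(h, '')}" for h in WATCHED_HEADERS)
    return hashlib.sha256((canon + "\n" + html).encode()).hexdigest()


def detect_tamper(baseline: str, headers: dict, html: str) -> bool:
    """True when the page as received no longer matches the approved baseline."""
    return page_fingerprint(headers, html) != baseline


def build_page(extra_tags: str = "") -> str:
    """Constructed payment page whose authorized scripts carry correct SRI hashes."""
    tags = "".join(
        f'<script src="{src}" integrity="{sri_hash(FETCHED[src])}" crossorigin="anonymous"></script>'
        for src in AUTHORIZED_SCRIPTS
    )
    return f"<html><body><form id='pay'><iframe id='frame'></iframe></form>{tags}{extra_tags}</body></html>"


BASELINE_HEADERS = {
    "content-security-policy": "default-src 'self'; script-src 'self' https://payments.example",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-frame-options": "DENY",
}

if __name__ == "__main__":
    clean = build_page()
    baseline = page_fingerprint(BASELINE_HEADERS, clean)
    print("clean page findings:", check_scripts(clean, FETCHED))
    # A skimmer-style injection: one extra script tag from an unknown host.
    injected = build_page('<script src="https://unknown-cdn.example/t.js"></script>')
    print("injected page findings:", check_scripts(injected, FETCHED))
    print("tamper detected:", detect_tamper(baseline, BASELINE_HEADERS, injected))
```

Two caveats a merchant will hit in practice. SRI only works for scripts whose bytes are stable, so a third-party script that the provider updates without notice either needs the provider's published hash or a different authorization method (for example a Content Security Policy allowlist plus this kind of out-of-band monitoring). And a baseline comparison like `detect_tamper` must be run against the page as the consumer's browser receives it, from outside the merchant's own network, or it will miss a skimmer injected at the CDN or by a compromised third-party host.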

5 trust trends shaping security strategies in 2025

Trust is critical to the success of every business. And in 2024, we saw that building, scaling, and demonstrating trust is getting more difficult for organizations. Vanta's second annual State of Trust Report uncovered key trends across security, compliance, and the future of trust. Based on a survey of 2,500 IT and business leaders in the U.S., UK, and Australia, our research found that more than half (55%) of organizations say that security risks for their business have never been higher.

HHS Proposes Critical HIPAA Security Rule Updates to Combat Rising Cybersecurity Threats in Healthcare

The Department of Health and Human Services Office for Civil Rights (OCR) has proposed updates to the HIPAA Security Rule to strengthen cybersecurity across a wide range of healthcare organizations. The proposal responds to the sharp increase in breaches and cyberattacks affecting healthcare and to the deficiencies OCR has repeatedly observed in its Security Rule compliance investigations, and it aims to bring the rule in line with current cybersecurity guidelines, best practices, methodologies, procedures, and processes.

ISO 27001 Audits: What You Can Expect from Your Auditor

The final step to achieving ISO 27001 certification is passing the certification audit of your ISMS. During this process, you will work with an external, third-party auditor who examines your ISMS to evaluate conformity with the requirements of ISO 27001. The question is, what will that auditor actually be doing? Do you hand them paperwork and the keys to the building and let them do their thing, or is the process more interactive? What can you expect when working with your auditor?

The Role of ITAM and ITSM in Cybersecurity: Building a Strong Foundation for Compliance and Audit Readiness

When it comes to protecting your business from cyberattacks, most people think about firewalls and antivirus software. Behind every strong security program, however, there is a less obvious yet crucial layer of protection: a clear view of your IT assets and a solid process for managing IT services. You cannot patch, monitor, or scope an audit around a system you do not know you have. This is where IT Asset Management (ITAM) and IT Service Management (ITSM) come in.