February News:


On The Calendar

February at The Fulcrum Group

Let's get past any winter weather blues with a peek into spring - be on the lookout for a new look for The Fulcrum Group website! We're excited about the website overhaul we're working on now and look forward to being able to share it with you soon. Also in the works, The Fulcrum Group Springtime Lunch & Learn will be a fun, casual event occurring mid-May. Stay tuned for details!

We'll let you know about any additional upcoming special events through our social media pages, which we'll update on our Events page as they occur. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us. If you're new to our newsletter and you'd like to subscribe, let us know.
Types of Compliance

As a business owner, it's important to know and understand the types of compliance you face, and also to understand the types of compliance your clients might face. Below is a list of common compliance types.

PCI DSS (credit card payment industry)

Designed to protect consumers, the PCI compliance standard focuses on merchants, financial institutions, and payment solution providers. The implications of PCI compliance are huge, because retail point-of-sale systems are a top target for hackers. Being out of compliance could lead to your organization no longer being able to take credit cards. If you take credit cards, your credit card processor will require that you complete an annual Self Assessment Questionnaire (SAQ), the results of which could lead to more compliance requirements such as network scans. Visit https://www.pcisecuritystandards.org/ for more details.

HIPAA (health care industry)

If you've seen a doctor in the last decade, you've probably received a patient disclosure form that's a part of the HIPAA compliance regulation. HIPAA is designed to protect patient information and, with the increase in electronic medical records, ensure that this highly personal data doesn't get into the wrong hands. Both healthcare providers (aka Covered Entities) and many of their vendors (aka Business Associates) must maintain compliance with HIPAA regulations. Visit https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html for more details. In addition, there are further compliance requirements for Texas healthcare providers and other organizations under Texas HB300 (see https://www.hipaajournal.com/what-is-texas-hb-300/ for more details).

CJIS (local government law enforcement)

Local government agencies with law enforcement need timely and secure access to services and information wherever and whenever they are needed to stop crime. The FBI and other state/local agencies provide database information systems that give local law enforcement agencies access to that information. Of course, the data contained in these databases is extremely sensitive, and thus the FBI was charged with creating the CJIS compliance requirements for local law enforcement. Over the years, IT security requirements have increased as the threat of cyber crime has increased. Visit https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center for more details.

Other Types of Compliance

SOC2 - https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
ISO 27001 - https://www.iso.org/isoiec-27001-information-security.html
GDPR - https://gdpr.eu/
Sarbanes-Oxley (SOX) - https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
California Consumer Privacy Act - https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act
Texas' Identity Theft Enforcement and Protection Act - https://www.natlawreview.com/article/texas-updates-data-breach-notification-requirements

Contact your Fulcrum Group Fractional CIO for more information.
Compliance Tips

Maintaining compliance with a regulation can usually be boiled down to 4 key steps.

Step 1 - Understand the Compliance Rules & Regulations

Think of your industry's or governmental rules & regulations as your detailed roadmap to compliance. You must first understand the rules and regulations, why it is important to attain and maintain compliance, and what the impact would be if you didn't attain or maintain compliance.

Step 2 - Documentation

If you are ever audited to determine your adherence to compliance, your documentation is the way you prove compliance. The compliance rules & regulations will clearly spell out what documentation you need to maintain. Usually this will consist of policies and procedures that are clearly documented for your organization. Your documentation should be living and breathing (i.e. regularly updated and used in the operation of your organization).

Step 3 - Due Diligence

It's not enough to have documentation such as policies and procedures; your organization must use these policies and procedures in its daily operations. Between documentation and due diligence, you will meet the bulk of the requirements for compliance.

Step 4 - Regular Review of Compliance Rules/Regulations, Documentation, and Implementation

It's a good idea to stay on top of your compliance requirements; these could change, sometimes as often as annually. You should also review your documentation at least annually to make sure your policies and procedures are up to date. And finally, verify that your staff is using the policies and procedures.

You may occasionally have audits that need to be completed. If you follow these 4 steps, preparing for an audit should be a relatively painless process. Always feel free to reach out to us if needed.
February 2020 Security Awareness Newsletter

Click here for this month's Security Awareness News.

Cybersecurity SPOTlight: All The Smart Things

Over 90% of the world's data was generated in the last two years! When adding smart things to your life, consider the ramifications... Great tips in this month's edition of our Security Awareness Newsletter! As always, feel free to reach out to us with questions.
Vistage Executive News - CEO Confidence Index Q4 2019

Vistage Executive Group: Optimism recovers midyear losses. Check out the entire report here.
Fulcrum Group Did You Know...?

STAR Visits & Compliance

Did you know... SPOT Managed IT Services STAR Visits include questions about industry compliance such as HIPAA Healthcare or CJIS Public Safety compliance? This results in continuous monitoring of, and adherence to, compliance requirements.