Showing episodes and shows of
CompliancePoint
Shows
Compliance Pointers
S3 E29: Integrating GRC Tools Into Your Compliance Program
Many businesses are using GRC tools to prepare for audits and improve the overall efficiency of their compliance programs. Brandon Breslin joined Compliance Pointers to explain how organizations can identify the best tool for them and maximize its value. Watch the entire episode to learn about: 🔧 Considerations when selecting a GRC tool 🔧 Benefits of leveraging GRC tools 🔧 Effective implementation 🔧 #AI in GRC tools Learn more about CompliancePoint's Cybersecurity services here: https://www.compliancepoint.com/services/cyber-security/ Learn more about our InfoSec Certification services here: https://www.compliancepoint.com/services...
2025-08-06
23 min
Compliance Pointers
S3 E28: Common Penetration Testing Mistakes
Penetration testing is an important element of a cybersecurity program. Pen testing is also a compliance requirement for standards like HIPAA, PCI, and FISMA. There are some common mistakes businesses make that can hurt the efficiency and effectiveness of a test. We break down these mistakes on the latest episode of Compliance Pointers. Click the link in the comments to see the entire episode and learn about: 💻 Defining the scope 💻 Tools and techniques in #pentesting 💻 Testing environments 💻 Phishing and Social Engineering 💻 Post-test remediation and documentation challenges Learn more about Comp...
2025-07-30
15 min
Compliance Pointers
S3 E27: How to Read a SOC 2 Report
What are the most important items to look for when reading a SOC 2 report? Carol Amick joined Compliance Pointers to answer that question. Watch the entire episode and learn about: 📃 The key components - management's assertion, controls, and exceptions 📃 Analyzing the controls 📃 Understanding exceptions 📃 Verifying the quality of the report Learn more about CompliancePoint's SOC 2 services at: https://www.compliancepoint.com/services/information-security/soc2-compliance/
2025-07-23
18 min
Compliance Pointers
S3 E26: How Existing AI Laws Impact Businesses
Michael Young, a partner at Morris, Manning, and Martin, who focuses on the intersection of data, tech, privacy, and cybersecurity, joined Compliance Pointers to break down AI laws that are in effect at the state level. Watch the complete episode to learn about: ⚖️ Existing state laws and their requirements ⚖️ The risks those laws create for businesses implementing #artificialintelligence into products and services ⚖️ First steps businesses can take for compliance Learn more about Michael Young here: https://www.mmmlaw.com/people/michael-young/ and Morris, Manning & Martin here: https://www.mmmlaw.com/ ...
2025-07-16
27 min
Compliance Pointers
S3 E25: What's Driving TCPA Lawsuits
The number of TCPA lawsuits continues to increase in 2025. Alexandra Krasovec, Partner at Manatt, Phelps & Phillips, LLP, who specializes in TCPA cases, joined Compliance Pointers to give us an insider look at what’s currently driving these cases. Watch the entire episode to hear Alex’s take on: ⚖️ The most common violations plaintiffs are leveraging for suits ⚖️ Identifying and managing the risks your third-party vendors can create ⚖️ The importance of internal #DoNotCall lists ⚖️ #Telemarketing best practices for mitigating lawsuit risks ⚖️ How to respond when facing a lawsuit ⚖️ How the McLaughlin #SCOTUS r...
2025-07-09
42 min
Compliance Pointers
S3 E24: HITRUST Certification First Steps
Where do organizations with HITRUST certification plans begin? We answer that question in this episode of Compliance Pointers. Listen to the entire episode to learn more about: ✅ Choosing the Right HITRUST Certification ✅ The Role of a HITRUST Auditor ✅ Selecting the Right Audit Partner ✅ Preparing for Your HITRUST Assessment Learn more about CompliancePoint's HITRUST certification services at: https://www.compliancepoint.com/services/healthcare/hitrust-certification/
2025-06-25
21 min
Compliance Pointers
S3 E23: Solving Website Cookie Configuration and Compliance Challenges
Cookie functionality is a key to GDPR, CCPA, and other state privacy law #compliance. Proper cookie configuration can be technically challenging. Michael Nadeau joined Compliance Pointers to share his cookie expertise. Listen to the entire episode to learn more about: 🍪 Cookie requirements for privacy law compliance 🍪 The most common implementation challenges 🍪 Opt-in vs opt-out environments 🍪 Cookie management best practices Learn more about CompliancePoint's Cookie Management Services here: https://www.compliancepoint.com/services/privacy/cookie-management-services/
2025-06-18
18 min
Compliance Pointers
S3 E22: The Path to SOC 2 Compliance
For organizations working towards SOC 2 compliance for the first time, the journey can seem daunting. Carol Amick joined Compliance Pointers to break down the SOC 2 essentials. Watch the entire episode to learn about: ☑️ Defining a scope ☑️ The AICPA Trust Service Principles ☑️ Combining SOC 2 with other infosec frameworks ☑️ Designing controls ☑️ What happens if you can't demonstrate compliance with the controls ☑️ The impact of exceptions on your SOC 2 report Learn more about CompliancePoint's SOC 2 services at: https://www.compliancepoint.com/services/information-security/soc2-compliance/
2025-06-11
22 min
Compliance Pointers
S3 E21: Don't Forget Email in Your Marketing Compliance Program
CAN-SPAM and state email laws are an often-overlooked aspect of marketing compliance. A recent ruling against Old Navy in the Washington State Supreme Court shows there are risks to violating email laws. Tony Jarnigan joined Compliance Pointers to break down email regulations and best practices. Watch to learn about: 📧 The relationship between CAN-SPAM and state email laws 📧 The Old Navy case & misleading subject lines 📧 State laws and the private right of action 📧 Best practices for email compliance Learn more about CompliancePoint's marketing compliance services at: https://www.compliancepoint.com/services/mar...
2025-06-04
21 min
Compliance Pointers
S3 E20: The Lessons Learned from CCPA Enforcements
Two CCPA enforcements have been issued recently. Both fines largely stemmed from #privacy and consent functionality on the company’s websites. Matt Dumiak joined Compliance Pointers to discuss the lessons everyone can learn from these penalties. Listen to the entire episode to learn about: 💻 The Honda violations 💻 Third-party privacy management software risks 💻 The mistakes made regarding deletion requests, identity verification, and authorized agents 💻 Todd Snyder's opt-out violations 💻 The importance of monitoring your privacy functions Learn more about CompliancePoint's Privacy Services at: https://www.compliancepoint.com/services/privacy/
2025-05-28
23 min
Compliance Pointers
S3 E19: How Your ISO 27001 Certification can Accelerate ISO 42001 Compliance
As the adoption of #AI continues to expand rapidly, ISO 42001 certification will become more valuable for businesses. In this episode of Compliance Pointers, Brandon Breslin explains how organizations can leverage their existing ISO 27001 certification to accelerate their ISO 42001 compliance efforts. Watch the complete episode to learn: • The overlaps in 27001 and 42001 compliance • Artificial Intelligence governance and policy considerations • New tasks required for ISO 42001 • First steps for achieving ISO 42001 certification with and without an existing ISO 27001 certification Learn more about CompliancePoint's ISO 42001 services: https://www.compliancepoint.com/services/information-security/iso-42001-certification/ Learn more about our ISO 27001 services: https://www...
2025-05-21
22 min
Compliance Pointers
S3 E18: Are Recent Rulings Changing the Telemarketing Regulatory Landscape
In this episode of Compliance Pointers, Senior Marketing Compliance Consultant Megan Rose breaks down the impact of recent rulings regarding the FCC’s One-to-one Consent and Consent Revocation rules. She also explores the spike in TCPA lawsuits stemming from calling times violations. Learn more about CompliancePoint's Marketing Compliance services at: https://www.compliancepoint.com/services/marketing-compliance/
2025-05-14
19 min
Compliance Pointers
S3 E17: Aligning Cybersecurity Controls to Healthcare Compliance Obligations
Healthcare organizations have specific cybersecurity needs and challenges alongside their obligations to comply with laws like HIPAA. Security Consultant Alec Harrell joined Compliance Pointers to share how organizations can align their cybersecurity controls with their healthcare compliance needs. Listen to the entire episode to learn: 🏥 Why cybersecurity can be extra challenging for healthcare organizations 🏥 Is complying with the HIPAA Security Rule doing enough? 🏥 Security frameworks that make sense for the healthcare sector Learn more about CompliancePoint's cybersecurity services here: https://www.compliancepoint.com/services/cyber-security/ Learn more about CompliancePoint's healthcar...
2025-05-07
15 min
Compliance Pointers
S3 E16: Changes at HHS and the Impact on HIPAA
HHS has undergone significant changes under the Trump Administration and Secretary Kennedy. Sarah Reckling joined Compliance Pointers to give her perspective on: ⚕️ How HHS has changed ⚕️ The impact on HIPAA investigations ⚕️ Security rule status ⚕️ How healthcare organizations should account for the changes Learn more about CompliancePoint's healthcare and HIPAA services at https://www.compliancepoint.com/services/healthcare/hipaa-compliance/
2025-04-30
22 min
Compliance Pointers
S3 E15: Medical Device Cybersecurity
Medical devices can increase the risk of cyberattacks and data breaches involving PHI for healthcare organizations. Carol Amick, Director of Healthcare Services, joins Compliance Pointers to help organizations better understand: ⚕️ The types of devices that create risk ⚕️ Why those devices create risk ⚕️ How to mitigate risks ⚕️ Incident response and device management strategies Learn more about CompliancePoint's healthcare services at https://www.compliancepoint.com/services/healthcare/
2025-04-23
15 min
Socializing Security
E045 - Dialed In: Telemarketing, Compliance, and Consumer Protection
Telemarketing compliance isn’t exactly the hottest topic in tech circles… but maybe it should be. In this episode, Milou and Brian sit down with Kevin Mayfield, Manager of Marketing Compliance at CompliancePoint, to dig into the often-overlooked world of do-not-call laws, TCPA risks, and the real impact of telemarketing rules on tech companies (yes, even yours). This episode breaks down what really gets companies in trouble with telemarketing—and what you can do to stay out of the spammy danger zone. We talk about: - Why marketing compliance is more high-risk than CAN-SPAM implie...
2025-04-22
48 min
Compliance Pointers
S3 E14: Leveraging AI in PCI Assessments
Fresh on the heels of the PCI Security Standards Council releasing guidance on integrating #AI into PCI assessments, Brandon Breslin joins Compliance Pointers to discuss how organizations with PCI goals can leverage AI. Listen to the complete episode and hear Brandon’s perspective on: 💳 Benefits and risks of AI in PCI assessments 💳 Addressing data sensitivity and accuracy concerns 💳 Creating an AI plan Learn about CompliancePoint's PCI services at https://www.compliancepoint.com/services/information-security/pci-dss-certification/
2025-04-16
20 min
Compliance Pointers
S3 E13: Cybersecurity in an Era of Deregulation
Milou Meier, Founder of Compliance Counsel, is this week’s guest on Compliance Pointers. She gives her thoughts on how the new administration’s emphasis on deregulation will impact businesses’ cybersecurity efforts. Listen to the complete episode to hear Milou’s perspective on: 🔒 How the cybersecurity landscape is changing 🔒 Where businesses can turn for guidance 🔒 Regulation expectations at the state level 🔒 Strategies for uncertain times Learn more about Compliance Counsel at https://www.compliancecounsel.com/ Learn more about CompliancePoint's cybersecurity services at https://www.compliancepoint...
2025-04-09
28 min
Compliance Pointers
S3 E12: Building a Security and Privacy Culture
Clark Haynes, Head of IT at Modere, brings his 30 years of technology experience to Compliance Pointers. In this episode, Clark shares what he’s learned about: • Building a culture of security and privacy • Leveraging NIST • Providing employees with the right #cybersecurity training • Using AI and managing its risks Learn more about Modere at https://www.modere.com/ Learn more about CompliancePoint's cybersecurity and privacy services at https://www.compliancepoint.com/
2025-04-02
36 min
Compliance Pointers
S3 E11: Telemarketing Litigation Trends
Darlene Geller-Stoff, VP of Litigation Support Services at CompliancePoint, brings her 30 years of experience to Compliance Pointers. Listen to the entire episode to learn about the trends she is seeing in TCPA and Telemarketing litigation, including: ☎️ What’s behind a spike in reassigned numbers cases ☎️ How businesses can defend themselves from these cases ☎️ Other litigation trends, including a drop in #ATDS cases
2025-03-26
22 min
Compliance Pointers
S3 E10: A Compliance Journey with Tamara Lauterbach
In a special episode of Compliance Pointers, Jordan chats with Tamara Lauterbach, Cybersecurity Manager at Guthrie, about her journey through the cyber industry, common challenges she’s encountered, and strategies to overcome those challenges. Watch or listen to the complete episode to hear what Tamara has learned in her career about: • Building a culture of security • Pursuing #HITRUST • The importance of company-wide communication • The cybersecurity challenges #healthcare organizations are facing Learn about CompliancePoint's cybersecurity services here: https://www.compliancepoint.com/services/cyber-security/
2025-03-19
38 min
Compliance Pointers
S3 E9: The Top Privacy Priorities of 2025
What should your privacy program be focused on in 2025? Matt Dumiak shares his top privacy priorities for regulatory compliance, operations, and risk mitigation in the latest episode of Compliance Pointers. Listen or watch to learn what your organization should be doing about: • Data Privacy Impact Assessments • AdTech • Safeguarding Protected Health Information • Children’s data and #COPPA compliance • Website privacy functionality, including cookies Learn more about CompliancePoint's suite of privacy services at https://www.compliancepoint.com/services/privacy/
2025-03-05
26 min
Compliance Pointers
S3 E8: Selecting the Right ISO Readiness Partner
ISO expert David Forman, Founder at Mastermind, joins us for another episode of Compliance Pointers. David explains what organizations should look for when searching for a readiness partner. Watch or listen to the entire episode to uncover: 🔎 Qualities to prioritize when evaluating readiness partners 🔎 When it makes sense to outsource your internal audit 🔎 Red flags associated with inexperienced advisory teams Learn more about Mastermind here: https://mastermindassurance.com/ Learn more about CompliancePoint's ISO and other InfoSec certification services here: https://www.compliancepoint.com/services/information-security/
2025-02-26
37 min
Compliance Pointers
S3 E7: CompliancePoint Exchange
CompliancePoint Exchange, a new event dedicated to marketing compliance and data privacy, is happening March 11-12 in Orlando. Matt Cagle joined Compliance Pointers to give an in-depth look at CPX, including info on the scheduled sessions, presenters, and some fun events planned. Learn more about CPX and register here: https://www.compliancepoint.com/cpx/
2025-02-19
14 min
Compliance Pointers
S3 E6: Using AI in Security and Compliance Assessments
How can your organization use AI to streamline security and compliance assessments? Brandon Breslin has answers in this week’s Compliance Pointers episode. Listen to learn: 🤖 How AI is being used in assessments 🤖 The benefits of AI 🤖 The risks of AI and how to manage those risks 🤖 What does the future hold? Learn more about CompliancePoint's InfoSec Certifications services at https://www.compliancepoint.com/services/information-security/
2025-02-12
19 min
Compliance Pointers
S3 E5: Protecting Your Business From Professional Plaintiffs
2025-02-05
20 min
Compliance Pointers
S3 E4: Building a Third-party Risk Management Program
Your cybersecurity risk increases when your organization shares data or IT infrastructure with third-party vendors. In this episode of Compliance Pointers, Stephen Haley teaches us about the key components of a Third-party Risk Management Program. Listen to the entire episode and learn about: ⚠️ The core components of a Third-party Risk Management program ⚠️ Assessing Your Vendors ⚠️ Getting your security requirements in your vendor contracts ⚠️ Monitoring your third parties Learn more about CompliancePoint's cybersecurity services at https://www.compliancepoint.com/services/cyber-security/
2025-01-29
28 min
Compliance Pointers
S3 E3: Telemarketing Regulations: What to Expect in 2025
In this episode of Compliance Pointers, Tony Jarnigan explores how telemarketing regulations could evolve in 2025. Click the link in the comments to listen to the entire episode to learn about: ☎️ The Trump administration's impact on telemarketing ☎️ Where does one-to-one consent stand ☎️ Consent revocation changes ☎️ Verbal consent ☎️ Automated dialing under the #TCPA and state laws Learn more about CompliancePoint's Marketing Compliance services at: https://www.compliancepoint.com/services/marketing-compliance/
2025-01-22
21 min
Compliance Pointers
S3 E2: Proposed HIPAA Security Rule Updates
In this episode of Compliance Pointers, Carol Amick breaks down the proposed HIPAA Security Rule updates. Click the link in the comments to listen to the entire episode and learn about: 🩺 The major proposed changes 🩺 Enforcement expectations 🩺 Actions for #healthcare organizations to take now 🩺 How the incoming administration could impact the new rules Learn more about CompliancePoint's HIPAA compliance services at https://www.compliancepoint.com/services/healthcare/hipaa-compliance/
2025-01-15
19 min
Compliance Pointers
S3 E1: PCI and SOC 2 Combined Audits
In the first episode of Compliance Pointers in 2025, Brandon Breslin dives into combined PCI and SOC 2 audits. There’s a lot of valuable info for organizations that need to demonstrate #compliance with both #cybersecurity standards. Listen to the entire episode and learn: 🔎 The benefits of combined audits 🔎 How to ensure your combined audits are successful 🔎 Leveraging a #GRC tool 🔎 Remediation efforts Learn more about our PCI services: https://www.compliancepoint.com/services/information-security/pci-dss-certification/ and our SOC 2 services: https://www.compliancepoint.com/services/information-security/soc2-compliance/
2025-01-08
19 min
Compliance Pointers
S2 E37: Privacy Regulations: 2024 Review and 2025 Preview
The privacy regulations landscape is constantly evolving. In this episode of Compliance Pointers, Matt Dumiak reviews the significant events of 2024 and the potential changes we could see in 2025 that will impact your privacy compliance efforts, including: • State privacy laws that went into effect in 2024, and those scheduled for 2025 • Enforcement trends • Potential CCPA amendments • The emphasis on cookies and website privacy functionality • Where the prospect of a federal privacy bill stands Learn more about CompliancePoint's suite of privacy services at: https://www.compliancepoint.com/services/privacy/
2024-12-18
29 min
Compliance Pointers
S2 E36: The Impact of One-to-one Consent on Outbound Calling
The FCC one-to-one consent rule is a significant change in the telemarketing space that takes effect in January. Jason Shatzkamer, CEO of OutboundIQ, joined Compliance Pointers to discuss how the rule change will impact outbound calling efforts. Listen to the entire episode to learn about: 📞 How the industry is responding 📞 The resulting lead-generation trends 📞 The impact on call centers 📞 Strategies for compliance Learn more about CompliancePoint's marketing compliance services. Learn more about OutboundIQ's services at https://www.outboundiq.com/
2024-11-13
28 min
Compliance Pointers
S2 E35: CMMC is Finalized, What Comes Next?
CMMC is finalized. In this episode of Compliance Pointers, Chris Abacon discusses the next steps for organizations looking to get certified. Listen to the entire episode to learn about: 💻 Where DFARS stands 💻 The phases of the CMMC rollout 💻 Certification steps To learn more about CompliancePoint's CMMC certification services visit https://www.compliancepoint.com/services/federal-cybersecurity-compliance/cmmc-certification/
2024-11-06
22 min
Compliance Pointers
S2 E34: Getting Ahead of PCI DSS 4.0 Future-dated Requirements
PCI DSS v4.0 includes many requirements that are future-dated for March 31, 2025. In this episode of Compliance Pointers, Brandon Breslin explains how organizations can meet these requirements before the deadline that is quickly approaching. Listen to the entire episode to learn more about: 💳 The most critical PCI future-dated requirements including user access reviews, internal authentication scanning, and payment page scripts. 💳 Implementation challenges 💳 The most effective #compliance strategies Learn more about CompliancePoint's PCI DSS services at https://www.compliancepoint.com/services/information-security/pci-dss-certification/
2024-10-23
21 min
The Other Side Of The Firewall
Why Does CMMC Matter?
The conversation explores the recent changes in the cybersecurity industry, particularly focusing on the excitement surrounding CMMC and the role C3PAOs play in the evolving community. Article: DOD Simplifies Process for Defense Contractors to Comply With Cybersecurity Rules https://www.defense.gov/News/News-Stories/Article/Article/3938314/dod-simplifies-process-for-defense-contractors-to-comply-with-cybersecurity-rul/ Courtney Jackson - Paragon - a veteran-led C3PAO (CMMC Third Party Assessment Organization), based in Tampa, FL. ParagonCyberSolutions.com (Company) Jacob Hill - GRC Academy - offering comprehensive CMMC training.
2024-10-22
17 min
Compliance Pointers
S2 E33: Deciding Between SOC 2 and HITRUST
What cybersecurity framework makes more sense for small and mid-sized businesses, SOC 2 or HITRUST? In this episode of Compliance Pointers, Brooke Gardner helps answer that question. Listen to the entire episode to learn: ⚖️ The benefits of SOC 2 ⚖️ The benefits of HITRUST ⚖️ How the scopes compare ⚖️ Market recognition for both standards ⚖️ The different certification processes ⚖️ The cost and time commitment for each Learn more about CompliancePoint's SOC 2 and HITRUST services.
2024-10-16
16 min
Compliance Pointers
S2 E32: AI and Compliance with Privacy Regulations and the TCPA
Patagonia is facing a lawsuit stemming from the use of AI tools in its customer service operations. In this episode of Compliance Pointers, Kara Urbaniak breaks down what businesses, especially those that use telemarketing, can take away from this case. Listen to the entire episode to learn about: ✅ The Patagonia allegations ✅ Other companies facing AI legal troubles ✅ The relevant laws already on the books ✅ The potential for TCPA lawsuits ✅ AI and privacy regulation compliance Learn more about CompliancePoint's data privacy and marketing compliance services.
2024-10-09
15 min
Compliance Pointers
S2 E31: Why ISO Makes Sense Even Without a Customer Requirement
In this episode of Compliance Pointers, David Forman from Mastermind joins us to share some of his ISO expertise. David explains why complying with frameworks like ISO 27001, ISO 27701, and ISO 42001 can be a good move for businesses, even if they don’t have a customer requirement or may never seek formal certification. Listen to the entire episode to learn about: · Leveraging ISO as a baseline for establishing new policies · How governance helps prepare rotating organizational requirements · Building a culture of security and #privacy · Starting ISO implementation by focusing on scope and risk m...
2024-10-02
30 min
Compliance Pointers
S2 E30: Common HIPAA Privacy Rule Mistakes
HIPAA is comprised of the Security Rule, Privacy Rule, and Breach Notification Rule. In this episode of Compliance Pointers, Carol Amick shares the most common Privacy Rule mistakes she sees healthcare organizations make. She also discusses how your organization can avoid those mistakes. Listen to learn about: ⚕️ Website privacy notices for health data ⚕️ Updating privacy policies and procedures ⚕️ Breach notification obligations ⚕️ Privacy risk assessments Learn more about CompliancePoint's healthcare security and privacy services at https://www.compliancepoint.com/services/healthcare/
2024-09-25
20 min
Compliance Pointers
S2 E29: Website Privacy Functions and Controls
The Office of the New York State Attorney General conducted an investigation to discover if website privacy functions and controls were operating properly. In this episode of Compliance Pointers, Matt Dumiak explores the results of the investigation and what businesses can do to ensure their cookies and other online tracking tools are compliant with all applicable laws. Listen to learn: 🍪 Common challenges with cookies, tags, and other tracking tools 🍪 Business strategies for success 🍪 The risks of tracking technology not functioning properly Learn more about CompliancePoint's Privacy Services.
2024-09-18
25 min
Compliance Pointers
S2 E28: The Value of Compliance Orchestration
In this episode of Compliance Pointers, Brandon Breslin explains why organizations should consider breaking away from the point-in-time audit routine and utilize a compliance orchestration strategy. This method can end the audit crunch and streamline the compliance process for PCI DSS, SOC 2, ISO 27001, and other frameworks. Listen to learn: ⏱️ Compliance orchestration: what and why ⏱️ The benefits ⏱️ How to get started ⏱️ Implementation challenges and solutions To learn more about CompliancePoint's cybersecurity, privacy, and marketing compliance services, visit www.compliancepoint.com.
2024-09-11
21 min
Compliance Pointers
S2 E27: Consent Revocation Rules and Best Practices
Honoring consent revocations or opt-outs is a key component of TCPA compliance. In this episode of Compliance Pointers, Tony Jarnigan breaks down how revocation rules are evolving. Take a listen to learn about: 📵 Acceptable opt-out methods 📵 How much time businesses have to honor requests 📵 Recent court cases 📵 Honoring consent revocation best practices Learn more about CompliancePoint's marketing compliance services at https://www.compliancepoint.com/services/marketing-compliance/
2024-09-04
20 min
Compliance Pointers
S2 E26: Risk and Data Stewardship Throughout the Business Life Cycle
As a business grows, its cybersecurity program and data stewardship strategies need to keep pace. In this episode of Compliance Pointers, Greg Sparrow explores how risk management priorities will evolve throughout the business life cycle. Take a listen to learn about: · Risk management concerns for startups · When to start thinking about InfoSec certifications · Building a security program that scales your business · Risk strategies for venture capital and private equity firms approaching a sale Learn about all of CompliancePoint's cybersecurity, assurance, and marketing compliance services at https://www.compliancepoint.com/
2024-08-21
26 min
Compliance Pointers
S2 E25: Data Stewardship for Venture Capital and Private Equity Firms
CompliancePoint President Greg Sparrow is the guest on this episode of Compliance Pointers. Greg explains the importance of data stewardship for venture capital and private equity firms. A link to the complete episode is in the comments. Listen to learn: · What data stewardship entails and why it’s important to a company’s success · How data stewardship evolves throughout a business’s lifecycle Learn about all of CompliancePoint's cybersecurity, assurance, and marketing compliance services at https://www.compliancepoint.com/
2024-08-14
18 min
Compliance Pointers
S2 E24: Geopolitical Ransomware - The Growing Threat and Defense Strategies
In this episode of Compliance Pointers, Steve Hahn from BullWall and Steve Haley from CompliancePoint take an in-depth look into geopolitical ransomware. They detail how the cybersecurity threat from Russia has grown since the start of the war in Ukraine. Be sure to listen for a breakdown of: · How ransomware has evolved · The motivation beyond money · Attack patterns · The industries most often targeted · Tools and strategies to immediately contain an attack · Ransomware prevention best practices Learn more about BullWall's ransomware containment and protection products at https...
2024-08-07
42 min
What's Up with Tech?
Mastering Data Privacy and Risk Management: Insights on Compliance, Security, and Industry Challenges
Interested in being a guest? Email us at admin@evankirstel.com Unlock the secrets of mastering privacy, security, compliance, and risk management in today's fast-paced business world with industry expert Greg Sparrow, President of CompliancePoint. Discover how Greg's extensive background in e-commerce and information security is helping organizations navigate the complexities of data stewardship, especially for startups and private equity firms. Gain valuable insights into the evolving regulatory landscape, including the significant impacts of GDPR and U.S. state-level data privacy laws. We also touch on the unique compliance challenges in managing PHI data within the healthcare...
2024-07-23
19 min
Compliance Pointers
S2 E23: Compliance Pointers is Taking a Short Summer Break
Compliance Pointers is taking a short summer break. We'll be back in August with new episodes. Be sure to catch up on recent episodes until then. To learn more about CPX24 visit: https://info.compliancepoint.com/cpx Learn more about CompliancePoint at: https://www.compliancepoint.com/
2024-07-03
01 min
Compliance Pointers
S2 E22: Where are all the ISO 42001 Certificates Part 2
In this episode of Compliance Pointers, we conclude our conversation on ISO 42001, the new standard for Artificial Intelligence Management System. David Forman from Mastermind provides valuable information for organizations planning to become ISO 42001 certified. Listen to the entire episode to learn a certification body’s viewpoint covering: ✔️ What you should be doing now to prepare for certification ✔️ What to expect across the 2-stage certification process ✔️ Tools that can help with certification ✔️ Conducting integrated ISO 27001, ISO 27701, and ISO 42001 audits Learn more about Mastermind at https://mastermindassurance.com/ Connect with David at http...
2024-06-19
24 min
Compliance Pointers
S2 E21: Where are all the ISO 42001 Certificates Part 1
In this episode of Compliance Pointers, David Forman from Mastermind joins us to talk ISO 42001, a new Artificial Intelligence Management System. Listen to part 1 of our conversation to learn about: · ISO 42001 essentials · How ISO 42001 compares to other #ISO standards, such as ISO 27001 · AI System Impact Assessments · When to expect auditors to become accredited to issue these certificates Learn more about Mastermind at https://mastermindassurance.com/ Connect with David at https://www.linkedin.com/in/masterminddavid/ Learn about CompliancePoint's privacy, security, assurance, and marketing compliance services at h...
2024-06-12
27 min
Compliance Pointers
S2 E20: ISO 27001: 2022 Common Challenges and Solutions
Organizations that hold an ISO 27001 certification need to transition to the new 2022 version by October 2025. One of our ISO practitioners breaks down the common challenges businesses will face in the transition and how to overcome them. Take a listen to learn: · The transition timeline · Common challenges · Transition strategies · Can this be done internally? · How long to expect the transition to take To learn about CompliancePoint’s ISO 27001 services visit https://www.compliancepoint.com/services/iso-27001-certification/ Learn about all of our marketing compliance, cybersecurity, and assuran...
2024-06-05
17 min
Compliance Pointers
S2 E19: State-level TCPAs: The Requirements and Risks
State laws that mimic the TCPA are typically more restrictive than the federal law, creating more risk for telemarketing organizations. In this episode of Compliance Pointers, two highly experienced marketing compliance consultants break down the state-level telemarketing regulations, including: · The importance of express written consent · Common requirements throughout the states · The risks of non-compliance To learn more about CompliancePoint's Marketing Compliance services visit https://www.compliancepoint.com/
2024-05-22
24 min
Compliance Pointers
S2 E18: Change Healthcare - The Impact and the Lessons Learned
The Change Healthcare cyberattack has had a huge ripple effect across the healthcare industry. The director of CompliancePoint’s Healthcare Services joins the podcast to explore: · What went wrong · The lessons we can learn · The keys to an effective response plan · How organizations can handle the expected increase in security scrutiny · How to stay current with new and emerging threats To learn about our suite of privacy, cybersecurity, and marketing compliance services, visit www.compliancepoint.com.
2024-05-15
26 min
Compliance Pointers
S2 E17: Where you Should be in the Transition to PCI DSS v4.0
With the retirement of PCI DSS v3.2.1 now official, how far along does your organization need to be in the transition to v4.0? In this episode of Compliance Pointers, two PCI experts will help make sure you’re on the correct path. Take a listen to learn: 💳 Where we are in the transition timeline 💳 How challenging the transition has been 💳 The new controls 💳 What you should be doing to prepare for #PCI DSS 4.0 assessments 💳 Our strategies for helping customers transition Learn more about our PCI DSS services here: https://www...
2024-05-08
19 min
Compliance Pointers
S2 E16: Building an Effective Cybersecurity Training Program
Human error can be the biggest threat to your organization's cybersecurity. This is why security awareness training is a valuable investment. In this episode of Compliance Pointers, we explore what it takes to implement an effective training program. Give it a listen to learn about: 🎓 The core components of a training program 🎓 How to monitor the effectiveness of your training 🎓 Innovative approaches 🎓 Available resources Learn about our suite of security, privacy, and marketing compliance services at compliancepoint.com.
2024-05-01
27 min
Compliance Pointers
S2 E15: Breaking Down the American Privacy Rights Act
In this episode of Compliance Pointers, we explore the new federal privacy bill, the American Privacy Rights Act. Listen for a breakdown of: Business requirements; How it would work with existing state laws; Enforcement bodies and the private right of action; The impact on your existing privacy program. We also touch on the new laws at the state level and CompliancePoint Exchange 24, an event in October focused on data privacy and marketing compliance. Learn more about CompliancePoint's suite of privacy, security, and marketing compliance services at www.compliancepoint.com.
2024-04-24
24 min
Compliance Pointers
S2 E14: Telemarketing Regulations Update Spring 2024
The regulatory environment for telemarketing and direct marketing is always changing. Recent rule changes and bills have or could potentially impact the TCPA and TSR. Take a listen to learn about: The Do Not Disturb Act; Changes to record-keeping requirements; Updated B2B call rules. Learn more about CompliancePoint's suite of privacy, security, and marketing compliance services at www.compliancepoint.com.
2024-04-10
26 min
Compliance Pointers
S2 E13: The Essentials of Penetration Testing Part 2
This week’s episode of Compliance Pointers is the conclusion of our penetration testing conversation. In part 2 we explore: · Creating a scope · The rules of engagement · What to expect in your report Learn more about CompliancePoint's penetration testing services at https://www.compliancepoint.com/services/cyber-security/penetration-testing/ Learn more about our full suite of security, privacy, and assurance services at https://www.compliancepoint.com/
2024-03-27
15 min
Compliance Pointers
S2 E12: The Essentials of Penetration Testing Part 1
In this episode of Compliance Pointers, we focus on penetration testing. A pen tester with more than 10 years of experience covers: What pen testing is and why it's key to a successful cybersecurity program; What areas need to be tested; The qualifications to look for in a tester. Learn more about CompliancePoint's penetration testing services at https://www.compliancepoint.com/services/cyber-security/penetration-testing/ Learn more about our full suite of security, privacy, and assurance services at https://www.compliancepoint.com/
2024-03-20
20 min
Compliance Pointers
S2 E11: Reducing the Risk of Internal Threats in Healthcare
This episode of Compliance Pointers explores how healthcare organizations can better defend against internal security threats. Take a listen to learn: 🏥 Policies and procedures to implement 🏥 How to monitor for inappropriate access to PHI 🏥 The keys to effective employee #security training Learn more about our suite of healthcare services here: https://www.compliancepoint.com/
2024-03-13
26 min
Compliance Pointers
S2 E10: Why You Need to do Calling Data Audits
In this episode of Compliance Pointers, we explore calling data audits. These audits are a powerful tool for telemarketers, but many organizations are unaware of their benefits. Listen to learn: · What calling data audits are · How they can account for legal requirements and business rules · The lessons that can be learned from the data · How they can help target higher-quality leads · Safe Harbor and compliance benefits Learn more about CompliancePoint's suite of privacy, security, and marketing compliance services at www.compliancepoint.com.
2024-03-06
21 min
Compliance Pointers
S2 E9: The Impact of AI on Privacy Regulations and Compliance
In this episode of Compliance Pointers, we explore the impact of artificial intelligence on privacy regulations and compliance as its use continues to expand. Topics covered include: Early regulatory actions; How state laws are handling AI; Common privacy-related challenges stemming from the use of AI; Actions organizations can take to make compliance now and in the future easier. Learn more about CompliancePoint's privacy, security, and assurance services at www.compliancepoint.com.
2024-02-28
23 min
Compliance Pointers
S2 E8: Getting to Know PCI 3DS
In this episode of Compliance Pointers, we explore PCI 3DS, a framework that provides security protections for online card transactions. Two 3DS QSAs give you information about: 💳 What PCI 3DS is 💳 If it applies to your organization 💳 The benefits of 3DS certification 💳 The major security requirements 💳 The validation process 💳 The relationship between PCI DSS and 3DS Learn more about PCI 3DS at https://www.compliancepoint.com/regulations/pci-3ds/ Learn more about CompliancePoint's privacy, security, and assurance services at https://www.compliancepoint.com/
2024-02-21
25 min
Compliance Pointers
S2 E7: Achieving Compliance with NIST 800-171 Part 2
In this episode of Compliance Pointers, we conclude our conversation about NIST 800-171, which is the framework that serves as the foundation of CMMC certification. Two cybersecurity experts with military backgrounds provide in-depth information on: · How to measure your existing security program against NIST requirements · How organizations can create a roadmap to compliance · Their methods for helping organizations reach compliance More info on NIST 800-171: https://www.compliancepoint.com/regulations/nist-800-171/ More info on CMMC certification: https://www.compliancepoint.com/services/cmmc-certification/ To learn about CompliancePoint's full suite of securit...
2024-02-14
19 min
Compliance Pointers
S2 E6: Achieving NIST 800-171 Compliance Part 1
This episode of Compliance Pointers is part 1 of a deep dive into NIST 800-171, which is the framework that serves as the foundation of CMMC certification. Two cybersecurity experts with military backgrounds provide in-depth information on: · The contract language, specifically FAR and DFAR · The security controls and assessment requirements More info on NIST 800-171: https://www.compliancepoint.com/regulations/nist-800-171/ More info on CMMC certification: https://www.compliancepoint.com/services/cmmc-certification/ To learn about CompliancePoint's full suite of security, privacy, and compliance services, visit compliancepoint.com.
2024-02-07
20 min
Compliance Pointers
S2 E5: The Value of Risk Assessments in Healthcare
In this episode, we dive into healthcare risk assessments. You will learn about: Why healthcare organizations need to conduct assessments; Frameworks to use as a guide; The importance beyond regulatory compliance; How to get started; Remediation steps after the assessment. Learn about our risk assessment services here. To learn about all of our security, privacy, and compliance services, visit compliancepoint.com.
2024-01-31
22 min
Compliance Pointers
S2 E4: Understanding Your Privacy Notice Obligations
In this episode of Compliance Pointers, we explore privacy notices. Privacy expert Matt Dumiak provides an in-depth analysis of: Common requirements for privacy notices; How requirements vary from state to state, and in Europe; Common challenges organizations face when creating notices; Strategies to make privacy notices easier. Learn more about how we can help your organization overcome its privacy challenges here. Visit CompliancePoint.com to learn about all of our privacy, security, and compliance services.
2024-01-24
23 min
Compliance Pointers
S2 E3: The Impact of the FCC's New Lead Generation Rules
The FCC has adopted new rules for lead generation. In this episode, marketing compliance professionals break down the new requirements, how they will impact organizations that generate and sell leads, and the impact on organizations that purchase leads. You can learn about the new rules here. Explore our suite of security, privacy, and compliance services at compliancepoint.com.
2024-01-17
25 min
Compliance Pointers
S2 E2: The Major Changes in PCI DSS v4.0
In this episode, we explore what is new in the PCI DSS v4.0 standard. A team of PCI experts gives an in-depth explanation of how requirement changes in the following areas will impact your certification efforts: · Risk Management · Identification and Authentication · Cryptography · Vulnerability Management · Staff Training · Service Provider Requirements Learn more about PCI DSS here. Learn more about our suite of security, privacy, and compliance services at CompliancePoint.com
2024-01-10
30 min
Compliance Pointers
S2 E1: Preparing for a SOC 2 Audit
In this episode, we explore what organizations should do to prepare for a SOC 2 audit. We explore: The different types of AICPA Service Organization Control attestations; Strategies that can improve the odds of a successful audit; The importance of avoiding overly rigid requirements and having realistic control objectives; The role of Control Owners; The importance of policy and supporting procedure documentation; Selecting a CPA attestation firm; The best way to find any gaps or red flags in your security program before the audit; How to prepare your staff for the audit. Learn more about SOC 2 here. Visit CompliancePoint.com to learn about...
2024-01-03
28 min
Compliance Pointers
S1 E6: Making Data Privacy Impact Assessments Easier
In this episode, we explore Data Privacy Impact Assessments, or DPIAs. We’ll break down what they are, when and why they are needed, and some strategies to make completing them easier. To learn more about how we can help your organization comply with all privacy regulations, visit CompliancePoint.com.
2023-12-13
25 min
Compliance Pointers
S1 E5: Effective Vendor Security Evaluations
Are the vendors and third parties your organization shares data with keeping that data safe? Your organization is responsible for protecting the data it collects. In this episode, we explore steps organizations can take to reduce the risk of a breach caused by a vendor or partner. Visit CompliancePoint.com to learn more about our suite of risk management and compliance services.
2023-12-06
30 min
Compliance Pointers
S1 E4: CMMC: The Requirements, Challenges, and Benefits
CMMC, or the Cybersecurity Maturity Model Certification, is a security certification organizations need to hold in order to land Department of Defense contracts. We’re going to explore the requirements that need to be met to get that certification, some of the challenges organizations can expect along the way, and the benefits of CMMC compliance. Learn more about CMMC here. Visit CompliancePoint.com to learn about our suite of risk management and compliance services.
2023-11-29
21 min
Compliance Pointers
S1 E3: Transitioning to PCI DSS v4.0
Organizations that hold a PCI DSS certification, or that are working towards certification, need a plan to meet the requirements of the new version 4.0 standard. In this episode, we break down the transition timelines, the actions organizations need to take to ensure a smooth move to 4.0, and the role a QSA should play in the process. Learn more about PCI DSS here. Visit CompliancePoint.com to learn about our suite of risk management and compliance services.
2023-11-15
30 min
Compliance Pointers
S1 E2: Effective Record Keeping for Do Not Call Compliance
Quality records are a key component of proving compliance with Do Not Call laws. In this episode, we cover what types of evidence need to be gathered and maintained. We also explore how effective record keeping is beneficial for verification, resolving disputes, defense against professional plaintiffs, and leveraging Do Not Call Safe Harbor. Learn more about Do Not Call laws here. Visit CompliancePoint.com to learn about our suite of risk management and compliance services.
2023-11-08
27 min
Compliance Pointers
S1 E1: Web Trackers and HIPAA Compliance
The Office of Civil Rights of the Department of Health and Human Services issued a bulletin warning organizations that the use of trackers on websites and apps could result in the collection of PHI and potential HIPAA violations. In this episode, we'll explore what organizations need to do to safely use trackers and the penalties companies are facing for non-compliance. Learn more about HIPAA here. Visit CompliancePoint.com to learn about our suite of risk management and compliance services.
2023-10-26
29 min
Great Security Debate
No More Ads, No More Privacy Problem?
This week’s debate comes amid a combo platter of increased analytics leading to near-immediate contact when visiting a product’s website, along with more clarity from enforcement bodies about how they will approach their respective privacy legislation. One such fine was the Sephora CCPA matter, in which the California Attorney General levied a $1.2M fine on the company (https://oag.ca.gov/news/press-releases/attorney-general-bonta-announces-settlement-sephora-part-ongoing-enforcement). Listen in to hear Dan, Brian and Erik talk about: Are privacy and shareholder value at odds? How does protecting the privacy of the consumer help shareholder value? A re...
2022-10-03
55 min
Greg Sparrow, CompliancePoint Information Security Practice VP & General Manager
121515-Sparrow
2015-12-15
00 min
TAGTV Online - TAG Radio
Greg Sparrow, CompliancePoint Information Security Practice VP & General Manager
121515-Sparrow
2015-12-15
10 min
LeadsCon Live
Complying with the FCC’s New TCPA Declaratory Ruling
On Friday, July 10, 2015, the Federal Communications Commission issued its anticipated Declaratory Ruling and Order on the Telephone Consumer Protection Act that it previously approved at its June 18 Open Commission Meeting. The Ruling, which was effective upon release, increases the potential for liability under the TCPA. In fact, it is perhaps the most significant consumer protection action by the FCC since establishment of the Do-Not-Call Registry and imposes liability that may be beyond a calling party’s reasonable control. The Ruling will necessarily impact how telemarketers interact with consumers via telephone and SMS text message. TCPA-related class action litigation and regulatory en...
2015-08-13
1h 00
On the Money
CYBER SECURITY FOR SMALL BUSINESS: Jeff Brown with CompliancePoint
Jeff Brown with CompliancePoint joins Joe Moss to discuss cyber security and how small businesses can protect themselves from computer hacking. Jeff Brown/CompliancePoint Inc. Is your information security working as designed? Do you understand the risks to your business if there were a data breach? No matter what your business, failure to comply with relevant legislation or […]
2014-09-11
00 min