SaltyCloud is a Public Benefit Company

UPDATE (February 2020) — The Department of Education Federal Student Aid released an electronic announcement. The announcement explains the procedures for enforcing the cybersecurity requirements under the Gramm-Leach-Bliley Act, and the consequences for institutions or servicers that fail to comply.

UPDATE (October 2019) — The Department of Education Office of Inspector General issued Dear CPA Letter CPA-19-01. The letter amends the 2016 Audit Guide and explains the process for auditors to determine whether Institutions of Higher Education are in compliance with the Gramm-Leach-Bliley Act.

UPDATE (June 2018) — EDUCAUSE reports that the Council on Government Relations (COGR) has confirmed that the FY18 audit will not include an objective on the GLBA Safeguards Rule. EDUCAUSE guides their members to prepare for the audit objective FY19.

UPDATE (March 2018) — The Department of Education has taken down the website with the draft audit language. According to EDUCAUSE, this may indicate that it will not be included in the FY18 audit. For reference, EDUCAUSE has archived the draft audit language here.

Institutions of Higher Education (IHEs) are legally obliged by a variety of laws and legislation to protect student information. These include the Family Educational Rights and Privacy Act (FERPA) and the Gramm-Leach-Bliley

Regulations can help direct our efforts to where work might need to be done, but risk assessments give us advance notice of exactly where those gaps might be. Using a variety of applicable regulatory frameworks, anyone can shore up their compliance through the use of questionnaire-based risk assessments.

For anyone in the medical field, HIPAA sets the standards for the use and protection of medical information and impacts every organization across the healthcare ecosystem, whether interacting with patients or not. As if the threat (and reality) of breaches wasn’t enough, the regulators behind HIPAA mean business when it comes to compliance.

As you start to focus on the issues discovered during a cybersecurity risk assessment, figuring out how to address them can prove difficult. However, there are a few strategies that can help