ANX Corporate Blog: Posts tagged as compliance
Showing 6 through 10 of 23 total posts
Aug 9th 2011, 09:54
ANX Adds New Secure Cloud Gateway to PCI Security & Compliance Solution
New gateway helps smaller businesses more cost-effectively achieve and maintain PCI DSS compliance
SOUTHFIELD, Mich. (August 15, 2011)– ANXeBusiness Corp. (ANX), a leading provider of managed security, compliance and connectivity solutions, today announced Secure Cloud Gateway, an enhancement to its PCI Compliance & Security solution for small businesses. Secure Cloud Gateway includes proprietary technology with features that focus on ensuring merchant PCI DSS compliance.
The ANX PCI Compliance & Security solution affords merchants and small businesses all of the cost benefits of cloud-based technology by delivering a suite of cloud-based UTM services that eliminate threats from viruses, worms, Trojan horses, spyware and other malware launched from
SOUTHFIELD, Mich. (August 15, 2011)– ANXeBusiness Corp. (ANX), a leading provider of managed security, compliance and connectivity solutions, today announced Secure Cloud Gateway, an enhancement to its PCI Compliance & Security solution for small businesses. Secure Cloud Gateway includes proprietary technology with features that focus on ensuring merchant PCI DSS compliance.
The ANX PCI Compliance & Security solution affords merchants and small businesses all of the cost benefits of cloud-based technology by delivering a suite of cloud-based UTM services that eliminate threats from viruses, worms, Trojan horses, spyware and other malware launched from
Jul 28th 2011, 15:49
HITECH Privacy and Security Regulations Update
While the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 is over two years old, most people do not realize that many of its requirements are not fully in place yet, specifically the data security and privacy requirements.
Originally, many of HITECH's requirements around privacy and security were supposed to be effective on February 17, 2010. HHS has stated that the expected date of compliance and enforcement of these new requirements, except for the data breach rules, will be delayed until a period after the issuance of the final rules, which are not out yet. Recently, the HHS announced that the final rules implementing HITECH's changes to privacy, security, and data breach notification will be issued together sometime this year,
Originally, many of HITECH's requirements around privacy and security were supposed to be effective on February 17, 2010. HHS has stated that the expected date of compliance and enforcement of these new requirements, except for the data breach rules, will be delayed until a period after the issuance of the final rules, which are not out yet. Recently, the HHS announced that the final rules implementing HITECH's changes to privacy, security, and data breach notification will be issued together sometime this year,
Jul 28th 2011, 15:48
HITECH Accounting of Disclosures Rule
The HITECH act Sec 13405(c) establishes a new right for patients to receive an accounting of who accessed their PHI.
HHS released a Notice of Proposed Rulemaking (NPRM) relating to this new right that expands on the text of the law and has significant impact to covered entities and business associates.
The new proposal creates the right for a patient to obtain a report of all uses and disclosures of their PHI. Since the HIPAA Security Rule requires audit logging, there is a presumption that this data is already collected. There is substantial disagreement as to whether the Security Rule actually requires all the logging that would be necessary to meet this new reporting requirement, and it is doubtful that most companies could easily accommodate such a request. Essentially, this
HHS released a Notice of Proposed Rulemaking (NPRM) relating to this new right that expands on the text of the law and has significant impact to covered entities and business associates.
The new proposal creates the right for a patient to obtain a report of all uses and disclosures of their PHI. Since the HIPAA Security Rule requires audit logging, there is a presumption that this data is already collected. There is substantial disagreement as to whether the Security Rule actually requires all the logging that would be necessary to meet this new reporting requirement, and it is doubtful that most companies could easily accommodate such a request. Essentially, this
Jul 28th 2011, 15:44
Canada's Anti-Spam Law
In December, 2010, Canada filling passed federal anti-spam legislation, after being the only G8 country not to have one. It was Bill C-28, formerly know as Fighting Internet and Wireless Spam Act (FISA). That name was dropped and now it has a variety of names, including Canada's Online Protection Legislation (COPL)
This law now gives Canada the strictest such law in the world and will have dramatic effects on businesses operating in Canada. Unlike the US, where CAN-SPAM covers only email, this law covers any electronic message, which is defined as "a message sent by any means of telecommunication, including a text, sound, voice or image message." So this would encompass all unsolicited email, text messages, tweets, instant messages sent to a business person. It does not
This law now gives Canada the strictest such law in the world and will have dramatic effects on businesses operating in Canada. Unlike the US, where CAN-SPAM covers only email, this law covers any electronic message, which is defined as "a message sent by any means of telecommunication, including a text, sound, voice or image message." So this would encompass all unsolicited email, text messages, tweets, instant messages sent to a business person. It does not
Jul 5th 2011, 15:08
PCI DSS 2.0 Clarifies Compliance in Virtual Environments
The good news about the new PCI DSS standard version 2.0 is that it’s not earth-shaking. In most respects, the changes it introduces are relatively minor, and there are no huge hurdles to adopting it. ANX strongly urges enterprises to start their PCI DSS 2.0 migration now to begin realizing some of the benefits it introduces – such as the fact that patching requirements move from the hard deadline of 30 days to a risk-based approach.
Enterprises that operate in virtualized environments or are looking to do so should definitely step up to PCI DSS 2.0, as virtualization is one area where the new standard does make substantial changes. There are several improvements that provide insights for best business practices, and that should also make QSAs much
Enterprises that operate in virtualized environments or are looking to do so should definitely step up to PCI DSS 2.0, as virtualization is one area where the new standard does make substantial changes. There are several improvements that provide insights for best business practices, and that should also make QSAs much