To help you manage information security and regulatory compliance
Data Protection & Compliance Resources
Ask yourself:
- If data is lost, can it be restored, and how quickly?
- If a computer or smartphone leaves the company's control, is its information accessible?
- What am I legally obligated to do if data security is breached?
- How do I protect my business and our clients/patients?
- What is my risk response plan?
Recent privacy laws hold businesses and their management liable for the confidentiality of employees’ and customers’ information:
- HIPAA, the Health Insurance Portability and Accountability Act, holds everyone from doctors to pharmacists accountable for protecting patient records.
- Gramm-Leach-Bliley Act holds financial advisors and institutions responsible for safeguarding customer information.
- State and Federal laws require businesses to take proactive measures to protect customer and employee privacy, and to report breaches when they occur.
DriveStrike – Data Breach Protection
The DriveStrike solution works across all major platforms and is simple to implement and use. DriveStrike is versatile, serving individuals and all types of organizations. Protect your sensitive data, comply with privacy laws, and manage all of your devices in one central console with DriveStrike.
Establishing a comprehensive process to secure business and consumer information against threats is as important as a data backup plan that restores lost data. With new data protection laws enacted and enforcement stronger than ever, companies must assess risks, implement controls, remove gaps, and regularly update data security processes.
At DriveStrike, we understand your risks and actively work to provide you with the most timely information and tools to address them. Below is a list of free resources: industry legal requirements, best practices, forms, links to other resources, incident response guides, and industry-specific templates for your data protection planning.
DriveStrike Background:
Mobile Device Use & Wipe Waiver Templates:
Make sure you define and implement company standards for acceptable mobile device use. It is also important that any employees, contractors, or other personnel who access company data from a mobile device sign a remote wipe waiver and install a remote wipe solution.
- Mobile Device Acceptable Use Policy Template
- Mobile Device Remote Wipe Waiver Template
- Mobile Device Acceptable Use Training Presentation PDF
- Mobile Device Acceptable Use Training Presentation PowerPoint
Legal Requirements:
- Federal Trade Commission (Red Flag Rule)
- Red Flag How To Guide
- FTC Red Flags Video
- Federal Rules of Civil Procedure
- Health Insurance Portability and Accountability Act (HIPAA)
- HHS Risk Analysis and Risk Management Tool
- Federal Trade Commission Health Breach Notification Rule
- Department of Health Services Breach Notification Rule
- Massachusetts Standards for Personal Information Protection (201 CMR 17.00)
- Gramm-Leach-Bliley Act
- Sarbanes-Oxley Act
- Personal Data Privacy and Security Act of 2009
Privacy & Confidentiality Agreements/Templates
In several industries, regulations require that service providers with access to your data sign a business associate or confidentiality agreement. Even in non-regulated industries, such agreements help protect the technology buyer by documenting the responsibilities and quality standards your service partner employs in handling your data. Remember that if one of your service providers has a security breach, you are obligated to notify your clients/patients. You are only as strong, or as vulnerable, as your service providers.
- Business Associate Agreement (Medical/Dental – HIPAA).doc
- Confidentiality Agreement (All Suppliers).doc
- Access & Confidentiality Agreement for Students Employees Volunteers (Medical/Dental).doc
- Computer & Information Usage Agreement (Medical/Dental).doc
- Vendor Data Security and Confidentiality Agreement (Medical/Dental).doc
- Workforce Confidentiality Agreement (Medical, Dental).doc
How-To Guides, Incident Response Resources, & Other Tools
These are excellent resources for learning how to implement a security breach policy, process, and response plan.
- Data Breach Incident Response Workbook by Debix.pdf
- Data Breach Notification Responsibilities by Debix.pdf
- Breach Response Plan by AICPA.pdf
- HIPAA Security GAP Analysis.doc
- HIPAA Privacy GAP Analysis.xls
- HIPAA Business Associate Assessment.xls
- HIPAA EDI GAP Analysis.doc
- DHS Cyber Resilience Review
- National Cybersecurity Assessments and Technical Services Resources
- Cyber Hygiene Services
- Phishing Campaign Assessment (PCA)
- Risk and Vulnerability Assessment (RVA)
- Validated Architecture Design Review (VADR) Training
Other Resources
Here are some links to outside resources and businesses that we respect.
- Microsoft BitLocker Administration & Monitoring VIDEO – Free if you have a Windows Pro License
- Open Source EndPoint Encryption VeraCrypt VIDEO – Free and easy to use
- American Institute of Certified Public Accountants (AICPA)
- Notification Laws (National Council of State Legislators)
- Notification Laws by State Info-Graphic