As artificial intelligence embeds itself in day-to-day operations, the ISO 42001 certification has risen to prominence. Organizations, governments, regulators, and clients are now demanding higher standards of accountability from businesses who use AI to prove they handle it responsibly, transparently, and ethically. ISO 42001 is the world’s standard dedicated to the governance and management of […]

While building their internal cybersecurity program, most companies stumble into two frameworks: ISO 27001 and the NIST Cybersecurity Framework (CSF). Both offer ways to protect sensitive information, reduce risks, and meet compliance demands. Yet, they also serve different purposes. The challenge lies in figuring out which one of these frameworks to adopt, since this makes […]

Every financial institution or e-commerce company with a high volume of credit and debit card payments must understand PCI compliance. PCI, commonly referred to as PCI DSS, refers to a set of information security standards that define the requirements organizations must meet if they process, store, or transmit cardholder data. These were developed by the […]

If you’re a Quebec resident or do business in Quebec, you should know that Quebec’s Loi 25 doesn’t only require companies to protect personal data. It also demands a swift, structured incident response plan for when things go south. Having a concrete cyber security incident response protocol allows companies to alleviate the potential damage of data […]

Since September 2022, businesses with activities in Quebec or handling the information of its residents have had to progressively adhere to Quebec’s Loi 25, newest standard for privacy and data protection.  Loi 25 is an amendment to the former ‘Act Respecting the Protection of Personal Information In The Private Sector’, and introduces new guidelines that […]

Most companies ignore the consequences of non-compliance until they face the costs: difficulty to close deals struggling to enter and sell in new markets, or being subjected to regulatory fines. This happens either due to ignorance towards local regulations and responsibilities, or because they’re too focused on growing, to the point where they leave compliance […]

Quebec’s privacy and data security arena is transforming, and organizations are already racing against time to adapt. Mirroring the advanced privacy benchmarks set by Europe’s General Data Protection Regulation (GDPR), Quebec’s National Assembly unanimously passed Loi 25, also known as The Privacy Legislation Modernization Act, on September 21st, 2021. The regulation’s rollout consists of three […]

Accelerated tech transformation amidst the post-pandemic shift to remote work has expanded the attack surface and made organizations more vulnerable to cyber threats. Over six million data records were leaked in worldwide data breaches only in early 2023, with costs reaching an all-time high of $4.5 million. This makes ISO 27001 an invaluable certificate, as […]

If you’re building a healthcare compliance program, this resource will help you preserve patients’ privacy and safeguard the security of their medical information to build a posture of HIPAA compliance. The Health Insurance Portability and Accountability Act (HIPAA) requires any organization receiving, storing, transmitting, or processing protected health information (PHI) to keep that information private […]

PCI DSS is short for Payment Card Industry Data Security Standard, and it involves a specific set of requirements intended to ensure that all businesses that store, transmit, or maintain any cardholder data maintain a secure environment. Organizations such as merchants, issuers, acquirers, and processors all fall under the umbrella. Basically, if you accept payment […]