Dara Security

Recent Articles

HIPAA Expertise with CHPSE Certification

We are proud to announce our increased focus on the Health Insurance Portability and Accountability Act (HIPAA), the federal law that protects patient health information. By providing in-depth HIPAA training and subsequent Certified HIPAA Privacy Security Expert (CHPSE) certification to our staff who play a key role in HIPAA compliance, we are well-equipped to address the intricacies of the ever-changing HIPAA requirements for our clients.

The CHPSE is the gold standard for HIPAA credentials and is the highest-level certification for core HIPAA compliance team members. ...


The Associate Qualified Security Assessor Program

In 2018, the PCI SSC introduced the new Associate Qualified Security Assessor (QSA) Program in order to attract new information security talent to the QSA Program, help meet the demand for QSAs, and ensure the sustainability of the QSA Program. With the shortage of information security talent, QSA companies have found it challenging to find new assessors. QSAs have been costly to hire and retain, which has increased the assessment costs for merchants and service providers relying on QSA services. The Associate QSA Program would bring new information security talent into...


You’ve Achieved Compliance – Now What?

Achieving compliance with PCI’s standards requires organizations to dedicate significant resources to this effort.  Whether compliance is with PCI DSS, PA-DSS, or the P2PE standard, many entities would probably agree that the ritual of compliance can be a costly one.  Unfortunately, more resources must be spent to confirm compliance if there are any changes to the organization, software, or solution, or if there are modifications within the PCI requirements.

Many organizations achieve compliance and then reach out to their QSA to confirm compliance is maintained...


The General Data Protection Regulation

Promoted as the most important change in data privacy regulation in decades, the EU General Data Protection Regulation (GDPR) will be enforced on May 25, 2018.  Organizations that are not GDPR compliant after this enforcement date could face significant fines.

Replacing an obsolete data protection directive from 1995, GDPR is designed to allow individuals to better control how their personal information is collected and processed.  Organizations collecting or receiving data on citizens in any of the 28 member states of the European Union (EU) or UK are required to have...
