202 Matching Annotations
  1. May 2024
    1. Identify, prioritize, and resolve dependency risk Once dependencies are identified, Black Duck Security Advisories enable teams to evaluate them for associated risk, and guide prioritization and remediation efforts. Is it secure? Receive alerts for existing and newly discovered vulnerabilities, along with enhanced security data to evaluate exposure and plan remediation efforts. Is it trustworthy? Perform a post-build analysis on artifacts to detect the presence of malware, such as known malicious packages or suspicious files and file structures, as well as digital signatures, security mitigations, and sensitive information. Is it compliant? For every component identified, Black Duck SCA provides insights into license obligations and attribution requirements to reduce risk to intellectual property. Is it high quality? Black Duck SCA provides metrics that teams use to evaluate the health, history, community support, and reputation of a project, so that they can be proactive in their risk mitigation process.
    2. Black Duck® software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers.
  2. Sep 2023
    1. To build HIPAA compliant software, developers need to be aware of and comply with several key requirements outlined in the HIPAA Privacy Rule and Security Rule. These requirements are designed to ensure the confidentiality, integrity, and availability of protected health information (PHI) and to prevent unauthorized access, use, or disclosure of PHI.

      Building software compliant with HIPAA standards necessitates a deep understanding of its Privacy and Security Rules to safeguard protected health information effectively.

  3. May 2023
    1. This ensures that GetResponse and our customers comply with Anti-Spam laws.

      IMHO, the customer should be able to opt out of this automatic adding if they want more/full control over the footer. Then they can take on the responsibility themselves.

  4. Feb 2023
    1. How digital solutions improve regulatory compliance: Facility documentation

      As healthcare regulations become increasingly complex, digital solutions are becoming essential tools for compliance. This recent blog post provides a comprehensive overview of how technology can streamline compliance tasks, reduce errors, and improve patient safety.

  5. Dec 2022
    1. For compliance reasons, you will not be able to see contacts who submit spam complaints in your exclusion list. We do not offer the ability to export a list of spam complaints from FBLs at the moment. This is also for compliance.

      "For compliance reasons". That's pretty vague. Compliance with what?

    1. Information is blocked from going outside the organization when data is not supposed to leave the tenant boundary for compliance purposes (for example, in U.S. Government organizations: Microsoft 365 GCC, GCC High, and DoD). Reporting a message or file to Microsoft from one of these organizations will have the following message in the result details: Further investigation needed. Your tenant does not allow data to leave the environment, so we could not find anything with an initial scan. You'll need to contact Microsoft support to have this item reviewed.

      seemingly contradictory:

      "You'll need to contact Microsoft support to have this item reviewed." But they already tried to report it to Microsoft and it was blocked? What form of contacting Microsoft support is expected to be used and how is it better? Won't any form of "having this item reviewed" cause it to leave the boundary and go outside the organization?

  6. Aug 2022
    1. ReconfigBehSci. (2021, November 26). Parts of Germany seem to have potentially introduced requirements that cannot practically be met as testing capacity is proving insufficient—A dangerous moment for rule compliance Nadelöhr Corona-Tests: “Es ist Wahnsinn” via @sz https://t.co/meLS79RTCw [Tweet]. @SciBeh. https://twitter.com/SciBeh/status/1464287412289511432

  7. Apr 2022
  8. Mar 2022
  9. Feb 2022
  10. Jan 2022
    1. ReconfigBehSci. (2022, January 9). Just a thought on this and the general vaccine mandate debate. As a behavioural scientist currently stuck in Germany where this is a live debate, it strikes me that the thoughts below address only part of the population: Those not currently vaccinated. But what about ... 1/2 [Tweet]. @SciBeh. https://twitter.com/SciBeh/status/1480213148032450565

  11. Dec 2021
    1. Efforts to clarify and disseminate the differences between “privacy as advocacy” (e.g., privacy is a fundamental right; privacy is an ethical norm) and “privacy as compliance” (e.g., ensuring privacy policies and laws are followed; privacy programs train, monitor, and measure adherence to rules) help frame conversations and set expectations.

      This is an interesting distinction... privacy-because-it-is-the-right-thing-to-do versus privacy-because-you-must. I think the latter is where most institutions are today. It will take a lot more education to get institutions to the former.

  12. Nov 2021
    1. Is Agile/SCRUM Modern Slavery? https://en.itpedia.nl/2021/11/30/is-agile-scrum-moderne-slavernij/ What do you say Modern Slavery? Yes, when I first read the Agile Manifesto, I felt an unease. Especially when I also read the 12 accompanying principles. I realize that I am making extreme statements in this article, but they are intended as a mirror and to reflect for ourselves what we are actually doing.

  13. Oct 2021
  14. Sep 2021
    1. 2015, c. 36, s. 172

      Economic Action Plan 2015 Act, No. 1, SC 2015, c 36, https://canlii.ca/t/52m2b, s. 172, amends IRPA s. 32(d.5) to say:

      (d.5) the requirement for an employer to provide a prescribed person with prescribed information in relation to a foreign national’s authorization to work in Canada for the employer;

      Previously it had said:

      (d.5) the requirement for an employer to provide a prescribed person with prescribed information in relation to a foreign national’s authorization to work in Canada for the employer, the electronic system by which that information must be provided, the circumstances in which that information may be provided by other means and those other means;

  15. May 2021
  16. Apr 2021
  17. Mar 2021
  18. Feb 2021
  19. Jan 2021
  20. Dec 2020
  21. Nov 2020
  22. Oct 2020
  23. Sep 2020
    1. Leuker, C., Hertwig, R., Gumenik, K., Eggeling, L. M., Hechtlinger, S., Kozyreva, A., Samaan, L., & Fleischhut, N. (2020). Wie informiert sich die Bevölkerung in Deutschland rund um das Coronavirus? Umfrage zu vorherrschenden Themen und Gründen, dem Umgang mit Fehlinformationen, sowie der Risikowahrnehmung und dem Wissen der Bevölkerung rund um das Coronavirus (Version 5, p. 966670) [Application/pdf]. Max-Planck-Institut für Bildungsforschung. https://doi.org/10.17617/2.3247925

  24. Aug 2020
  25. Jul 2020
    1. Jeffrey, B., Walters, C. E., Ainslie, K. E. C., Eales, O., Ciavarella, C., Bhatia, S., Hayes, S., Baguelin, M., Boonyasiri, A., Brazeau, N. F., Cuomo-Dannenburg, G., FitzJohn, R. G., Gaythorpe, K., Green, W., Imai, N., Mellan, T. A., Mishra, S., Nouvellet, P., Unwin, H. J. T., … Riley, S. (2020). Anonymised and aggregated crowd level mobility data from mobile phones suggests that initial compliance with COVID-19 social distancing interventions was high and geographically consistent across the UK. Wellcome Open Research, 5, 170. https://doi.org/10.12688/wellcomeopenres.15997.1

  26. Jun 2020
  27. May 2020
    1. CodeGuard's systems are currently operating under these regulations and are in full compliance.
    2. CodeGuard relies upon industry best practices to protect customers’ data. All backups and passwords are encrypted, secure connections (SFTP/SSH/SSL) are utilized if possible, and annual vulnerability testing is conducted by an independent agency. To date, there has not been a data breach or successful hack or attack upon CodeGuard.
    1. as IT staff - who craft and maintain those screens - we lack concrete requirements as to what actually needs to be changed or added at our existing user "touch points" to achieve and demonstrate compliance.
    1. Firefox is the most compliant with the proposed standard, and is, therefore, your best place to start when developing browser extensions
  28. Apr 2020
    1. But there is still somewhat of a tension between serving those requirements and making sure the business can make a profit, and also ensuring that the expense of complying is adequately funded but not too expensive.
  29. Mar 2020
    1. you have less direct control as you must rely on the vendor’s adherence to IAB’s guidelines for compliance.
    2. Directly blocking the vendor scripts (using another prior blocking method), then executing them only after consent has been collected. This method requires more implementation work and it’s a bit slower in terms of execution time, but it allows personalized ads to be served from the first page view (where consent hasn’t been collected yet) and gives you more direct and solid control in regards to ensuring compliance.

      pros:

      • allows personalized ads to be served from the first page view (where consent hasn’t been collected yet)
      • gives you more direct and solid control in regards to ensuring compliance.
    1. “meet the minimal requirements that we set based on European law” — which they define as being “if it has no optional boxes pre-ticked, if rejection is as easy as acceptance, and if consent is explicit.”
    1. Ryan said he believes the GDPR has resulted in a “game of chicken” between the tech industry and regulators, where companies are trying to see what they can get away with and doing the bare minimum — without taking meaningful action or, often, actually complying with the law.
    1. You need to provide the ability for users to look at cookies individually, so they need to be listed (and that can be quite a lot of work in major systems). You’re allowed to define some cookies as “necessary for the correct functioning of this product”, usually cookies that store session related data. After all, if a user opts out of those, they can’t meaningfully use the web site, or that part of the site. But you have to be honest about it. You can’t, for example, define marketing or analytic cookies as necessary, and you have to allow users to opt out from them. Those don’t stop the site from functioning, it just reduces the data you can collect about site use.
  30. Nov 2019
    1. submit the night before on a Google form

      Compliance - a carrot/stick to encourage students to do the prep before class

  31. Jan 2018
    1. There are no audits matching your search

      There are no audits matching your search for Dispensary There are no audits matching your search for Cannabis There are no audits matching your search for Marijuana There are no audits matching your search for nutraceutical

  32. Jul 2017