CYBER INCIDENT RESPONSE PROGRAM Is Bound To Make An Impact In Your Business

The idea is to help the organization preempt attacks by roleplaying an attacker, which will help it understand threats better and respond faster and more effectively.

Organizations need an efficient Incident Response Program if they are to respond with speed and agility to a cyber incident. While such a program should empower businesses to maintain continuous operations, it should also reduce revenue loss, fines and lawsuits, and should help the business build a sound reputation for its brand.

Some of the key components involved in planning and executing the Information Security Plan include Information Security, Governance and Risk. The organization should have a clear map of who has the key responsibility for developing an information security governance program. It should be able to review existing Information Security policies and standards to assess their suitability and adequacy in relation to industry best practices, and be able to update them as appropriate, taking into account compliance recommendations.

All this and more will be covered in a webinar from Compliance4All, a leading provider of professional training for all the areas of regulatory compliance. Michael Redmond, a Consultant, Speaker and Author who conducts ISO Certification Training for PECB, will be the speaker at this 60-minute webinar, which will be organized on April 15.

To gain insights into how to put a sound CSIRT program in place, please register for this webinar by visiting https://t2m.io/hd9phbb5

—————————————————————————————————————–

At this session, Michael will help participants understand how to establish Key Performance Indicators (KPI) to determine if their Information Systems Incident Response program meets business objectives and operational metrics that facilitate ongoing process improvement. She will show organizations how to develop CSIRT Policies, Program, Plan, Playbook, Training, and Exercises.

She will show the importance of coordination in incident handling, which will halt duplication of effort. In addition, she will show how organizations should train their employees in a way that focuses not only on the capability to react to incidents but also on the ability to utilize the resources to alert and inform their stakeholders.

Methods such as tabletop tests, tabletop exercises and full Red Team/Blue Team training will be explained. The idea is to help the organization preempt attacks by roleplaying an attacker, which will help it understand threats better and respond faster and more effectively.

In this session, which is aimed at Information Security Managers, CEOs, CIOs, CFOs, CSOs, Technology Managers and Auditors, Michael will cover the following areas:

  • Adopting a systematic approach to risk tracking to enhance the effectiveness of the Cyber Incident Program
  • Outlining the critical actions to take if an event affects the company or its partners
  • Understanding an organization’s susceptibility to a Cyber Attack
  • Cyber Incident Response: Getting started, research, training, testing and maintaining
  • Standards and Best Practice: ISO 27001, ISO 27035, ISO 27005, ISO 22316, NIST, FFIEC, HIPAA, and HITRUST.

——————————————————————————————————–

About the speaker: Michael is the Chapter President for Association of Contingency Planners Eastern Great Lake Chapter and an active member of ISSA. She has consulted in the area of Cyber Security for clients in the arenas of Healthcare, Insurance, Financial and Manufacturing. She has been named on the list of “Women of Distinction for 2015” by Women of Distinction Magazine for her work in Cyber Security.

Simple Tips to know about SAAS-CLOUD

The Data Privacy Statement is a crucial document that sets out how businesses use the private data of EU citizens.

The European Parliament and the European Council have developed the General Data Protection Regulation (GDPR), a legislation aimed at protecting and securing data rights for the citizens of the European Union (EU). The GDPR applies to companies that carry out business transactions with European Union citizens. The companies’ mobile phones, their desktop applications, and websites are among the prime objects that are governed by this regulation.

The GDPR was completely reenacted, replacing the earlier law on data protection, the Data Protection Directive, on May 25, 2018. The new data protection law, the GDPR, is the extant law on this subject, replacing the Directive that was in force for about two decades.

It is mandatory for companies that collect or process data of EU citizens to inform them how this personal data is collected, used, shared, secured and processed. This is the soul of the new regulation. Any company that deals with information pertaining to what is described as personal data by the EU has to show compliance with this regulation. The cost of non-compliance is exorbitant: it can attract fines of up to €20 million, or up to one twenty-fifth of the company’s total annual revenues, whichever of the two is higher.

It is to help companies understand the core aspects of data privacy relating to 21 CFR Part 11 and SaaS-Cloud, that Compliance4All, a leading provider of professional training for all the areas of regulatory compliance, is organizing a webinar. The aim of this 90-minute learning session, which will be organized on April 11, is to help participants understand how to write a Data Privacy Statement for compliance with the GDPR regulation. The Data Privacy Statement is a crucial document that sets out how businesses use the private data of EU citizens.

To gain knowledge of how to craft this extremely vital document, the appropriateness or lack of which can be the difference between compliance and penalties, please log on to https://t2m.io/S6yAtmuE to register.

The expert at this webinar is David Nettleton, an FDA Compliance Specialist for 21 CFR Part 11, HIPAA, and Computer System Validation. David will describe just what companies need to do to be compliant with Part 11 and the European equivalent Annex 11 for local, SaaS/Cloud hosted applications. He will show the proper ways of writing a Data Privacy Statement that meets the compliance requirements set out by the GDPR.

He will explain this by walking through the four primary compliance areas that this law applies to:

  • SOPs
  • Software features
  • Infrastructure qualification, and
  • Validation

The aim of this learning is to show to participants the right manner of using electronic records and signatures. Doing it in the right manner goes a long way in helping to increase productivity and in ensuring compliance.

These are the core objectives that the learning from this webinar will impart:

  • Which data and systems are subject to Part 11 and Annex 11
  • How to write a Data Privacy Statement
  • What the regulations mean, not just what they say
  • Avoid 483 and Warning Letters
  • Requirements for local, SaaS, and cloud hosting
  • Understand the current industry standard software features for security, data transfer, audit trails, and electronic signatures
  • How to use electronic signatures, ensure data integrity, and protect intellectual property
  • SOPs required for the IT infrastructure
  • Product features to look for when purchasing COTS software
  • Reduce validation resources by using easy to understand fill-in-the-blank validation documents.

This webinar on simple tips to know about SaaS-Cloud: Data Integrity Compliance with 21 CFR Part 11, SaaS-Cloud, and EU GDPR is suited for GMP, GCP, GLP, Regulatory Professionals, QA/QC, IT, Auditors, Managers and Directors, Software Vendors and Hosting Providers.

————————————————————————————————————–

About the speaker: David Nettleton specializes in performing gap analysis, remediation plans, SOP development, vendor audits, training, and project management. He has completed more than 185 mission critical software validation projects.

His latest book, “Risk Based Software Validation – Ten easy Steps”, relates to the development, purchase, installation, operation and maintenance of computerized systems used in regulated applications.

https://www.privacypolicies.com/blog/gdpr-privacy-policy/

https://www.nibusinessinfo.co.uk/content/sample-privacy-notice

How To Handle Every New NACHA OPERATING RULES 2019

Ensures that every NACHA file meets the specifications relating to the format that it has set forth.

The National Automated Clearing House Association (NACHA) Operating Rules are the basis for every Automated Clearing House (ACH) transaction. Any financial institution that processes ACH transactions has to follow these Operating Rules. NACHA, a private, voluntary organization founded back in 1974, has established these Operating Rules with the aim of ensuring that payments, which run into the millions every day, get carried out safely and in a hassle-free manner.

Towards ensuring this, NACHA:

  • Defines the roles and responsibilities of financial institutions
  • Establishes thorough guidelines that each Network participant has to comply with
  • Sets forth rules and standards which financial institutions have to follow when they transfer payments
  • Ensures that every NACHA file meets the specifications relating to the format that it has set forth.

NACHA has recently approved a few amendments to the Operating Rules. Given the importance and need for complying with the NACHA’s Operating Rules, it is imperative for any organization that participates in the ACH network to make sure it is knowledgeable about and familiar with all these recent changes.

How do they make sense of these changes and understand how to apply them in their practice with immediate effect? This is what Compliance4All, a leading provider of professional training for all the areas of regulatory compliance, will teach at a webinar it is organizing on April 10.

Vice-President of Education Services and Founder of Dynamic Mastership, LLC, Donna K Olheiser, will be the speaker at this session. Please log on to https://t2m.io/gVGUDiCK to register for this highly educative session, which gives a thorough understanding of how your organization needs to apply the latest NACHA Operating Rules and how to handle every new rule for 2019.

————————————————————————————————————–

The newly introduced and approved changes to the NACHA Operating Rules apply differently to participants in the ACH network, depending on whether they are an ODFI, an RDFI, a TPS or a TPSP. These are of a very substantial nature. Among the profound changes is the one relating to the annual ACH Rules Compliance Audit, which has taken effect from January 1, 2019.

At this webinar on how to handle every new NACHA Operating Rules 2019, Donna will clarify this vital part of the changes and will help participants understand the ways by which they can comply with all the changes one can expect during 2019 and later.

She will explain in detail topics such as the addition of a new window for Same Day ACH (SDA), which allows two more hours for the SDA functionality. She will also describe the ways of improving Funds availability for Same Day and non-Same Day ACH transactions in detail. Apart from these, Donna will also review how the Annual ACH Rules Compliance Audit is changing following the removal of Appendix 8. In all, this is going to be a fabulous opportunity for participants to understand in detail how these new Operating Rules will impact their ACH Operations areas.

During the course of the 90 minutes of this webinar, Donna will cover the following areas:

  • Define the recently approved amendments to the Rules on Expanding Same Day ACH and how these changes will affect you as a financial institution
  • Provide specifics on the changes to the annual ACH Rules Compliance Audit and Appendix 8
  • Describe the potential impact on participants in the ACH network with approved changes to other ACH Risk Management topics such as:
      • Supplementing the fraud detection standard for Internet-initiated (WEB) debits
      • Allowing RDFIs to indicate within a return that the original transaction was questionable or part of anomalous activity
      • Supplementing the existing account information security requirements for large Originators and Third-Parties
  • Plus other “minor Rules topics” changes and what this means to you as a participant in the network.

—————————————————————————————————————-

About the speaker: A Certified Master Trainer, Donna designs and facilitates over 100 training sessions each year in the area of her expertise: the rules for companies and financial institutions when processing electronic (specifically ACH) payments.

During the nine years for which she has been the education service director at a Regional Payments Association (RPA), she has been managing and facilitating the entire education program for nearly 800 financial institution members.

https://www.nacha.org/rules

https://www.patriotsoftware.com/payroll/training/help/nacha-file-questions-and-answers/

10 Useful AI & ML Slides

The core of problem-solving is intellectual thinking, which no machine, no matter how sophisticated it is, can replicate.

In keeping with the motto “A picture says more than a thousand words”, some useful slides with a short explanation are shown below.

1. Evolution of Analytics

AISOMA – Evolution of Analytics

Analytics is the discovery, interpretation, and communication of meaningful patterns in data; and the process of applying those patterns towards effective decision making. In other words, analytics can be understood as the connective tissue between data and effective decision making, within an organization. Especially valuable in areas rich with recorded information, analytics relies on the simultaneous application of statistics, computer programming and operations research to quantify performance.

Organizations may apply analytics to business data to describe, predict, and improve business performance. Specifically, areas within analytics include predictive analytics, prescriptive analytics, enterprise decision management, descriptive analytics, cognitive analytics, Big Data Analytics, retail analytics, supply chain analytics, store assortment and stock-keeping unit optimization, marketing optimization and marketing mix modeling, web analytics, call analytics, speech analytics, sales force sizing and optimization, price and promotion modeling, predictive science, credit risk analysis, and fraud analytics. Since analytics can require extensive computation (see big data), the algorithms and software used for analytics harness the most current methods in computer science, statistics, and mathematics.

2. Future of Data Science

AISOMA – Future of Data Science

Sebastian Raschka, researcher of applied Machine Learning and Deep Learning at Michigan State University, thinks that the future of Data Science does not indicate machines taking over humans, but rather human data professionals embracing open-source technologies.

It is common understanding that future Data Science projects, thanks to advanced tools, will scale to new heights where more human experts will be required to handle highly complex tasks very efficiently. However, according to McKinsey Global Institute (MGI), the next decade will witness a sharp shortage of around 250,000 Data Scientists in the U.S. alone. The question is whether machines can ever enable seamless collaboration between technologies, tools, processes, and end users. Automated tools and assistants can aid the human mind to accomplish tasks more quickly and accurately, but machines cannot ever be expected to substitute for human thinking. The core of problem-solving is intellectual thinking, which no machine, no matter how sophisticated it is, can replicate.

3. Machine Learning Workflow

AISOMA – Machine Learning Workflow

4. Deep Learning Workflow

AISOMA – Deep Learning Workflow

Remember Your STATISTICAL METHODS Lesson? I’ve Got Some Tips…

The ways by which organizations can optimize their various data to enhance decision-making are vital for any organization.

Well, most organizations are experts at churning out mountain loads of data. They can produce data at the drop of a hat on any area of their work. But the crucial question is, how useful is this data? Are organizations using the right methods by which they can turn this data into useful and actionable information?

This is a core question for an organization. It is because the key to optimizing their operations and making effective decisions that help achieve a competitive advantage lies in the organizations’ and individuals’ ability to put the available data to the best possible use.

Obviously, organizations that don’t properly leverage data are bound to trail behind those who do. The ways by which organizations can optimize their various data to enhance decision-making are vital for any organization.

This knowledge will be imparted at a webinar that is being organized on March 20 by Compliance4All, a leading provider of professional training for all the areas of regulatory compliance. At this session, Steven Wachs, a senior statistician, will explain how to bring about a turnaround in organizational thinking when it comes to making use of data. Please visit https://t2m.io/cRPp46Py

The aim of this webinar is to introduce participants to important statistical concepts and methods that are essential for making objective decisions related to product quality. A grasp of these concepts helps organizations to arrive at objective decisions to ensure and improve product quality. The methods he will introduce will open the participants’ perspectives to a host of critical lines of thinking, which include:

  • Determining how well the process/product meets requirements
  • Knowing when a process or system is behaving consistently or differently than before
  • Uncovering which key inputs to the process affect product performance or customer satisfaction
  • Ensuring that what needs to be done can be effectively measured
  • Comparing groups of data when a random (natural) variation is present
  • Predicting future outcomes using a predictive model

Steven will introduce a host of statistical methods, which include:

  • Statistical Process Control
  • Process Capability Assessment
  • Regression Modeling
  • Design of Experiments
  • Hypothesis Testing
  • Measurement Systems Assessment.

Steven will cover the following areas at this webinar:

  • Variation & Quality
  • Process Stability/Statistical Process Control
  • Process Capability Assessment
  • Predictive Models (Regression & Design of Experiments)
  • Hypothesis Testing for Decision Making
  • Measurement Systems Assessment
  • Examples & Applications.

This webinar is aimed at benefiting personnel in various positions in the field of statistics, and these include:

  • Quality Personnel
  • Manufacturing Personnel
  • Operations/Production Managers
  • Production Supervisors
  • Supplier Quality personnel
  • Quality Engineering
  • Quality Assurance Managers, Engineers
  • Process or Manufacturing Engineers or Managers.

—————————————————————————————————————–

About the speaker:

During his over 25 years of wide-ranging industry experience in both technical and management positions, Steven has worked in most areas of statistical applications in reputable organizations. He possesses expertise in the application of reliability methods to achieve robust and reliable products as well as estimate and reduce warranty.

In his current role as Principal Statistician at Integral Concepts, Inc., he assists manufacturers in the application of statistical methods to reduce variation and improve quality and productivity. Steven regularly speaks at industry conferences and provides workshops in industrial statistical methods worldwide.

New Definitions About AUDITOR-IN-CHARGE You Don’t Usually Want to Hear

All these functions have to be carried out in addition to nearly innumerable other minor activities.

The role of the Auditor-In-Charge (AIC) in the organization is an unenviable one. It comes with numerous responsibilities. Apart from providing directions to the audit team, the AIC should also perform responsibilities such as:

  • Assessing the quality of the work of the audit team
  • Providing on-going communication to audit management and audit clients
  • Developing the draft report
  • Preparing for the exit conference
  • Assessing the performance of the audit team.

All these functions have to be carried out in addition to nearly innumerable other minor activities. Since the AIC is the one finally responsible for the success or otherwise of an audit, everything depends on how efficiently, smartly and diligently the AIC carries out those functions.

Want to understand the ways by which this can be done effectively? A webinar from Compliance4All, a leading provider of professional training for all the areas of regulatory compliance, will impart a thorough and proper understanding of the responsibilities of the AIC and the skills needed to execute them.

Please enroll for this webinar by visiting https://t2m.io/9MciNDWH. The speaker at this 90-minute session, which will be held on March 20, is Jonnie T. Keith, who has served as the Chief Audit Executive for the Metropolitan Atlanta Rapid Transit Authority (MARTA).

At this important learning session on the role of the AIC, Jonnie will cover the following areas:

  • Audit Standards Relative to the Auditor-In-Charge
  • IIA Standards
  • GAGAS Standards
  • Auditor-In-Charge Skills and Attributes
  • Audit Knowledge
  • Communication Skills
  • Organizational Skills
  • Interpersonal Skills
  • Leadership Skills
  • Audit Skill Assessment Tool
  • Auditor-In-Charge Responsibilities
  • Conduct Pre-Audit Administrative Duties
  • Conduct a Preliminary Survey
  • Develop audit objectives
  • Determine the audit scope
  • Conduct an Entrance Conference
  • Supervise Fieldwork
  • Review Workpaper
  • Write Draft Audit Report
  • Conduct Exit Conference
  • Wrap Up
  • Follow Up.

This webinar is aimed at personnel for whom auditing is a primary job responsibility. These include Staff Auditors, Government Auditors, Compliance Auditors, Internal Control Specialists, Public Accountants, Accounting Analysts, Business Analysts, and Quality Control Specialists.

—————————————————————————————————————–

About the speaker:

In his over forty years of experience in auditing, Jonnie has done numerous audit presentations. He has performed quality assessments of several major companies. These quality assessments ensure that the Audit Departments are conducting audits in accordance with the Institute of Internal Auditors Standards or the Government Auditing Standard as applicable. An article of his, entitled “Killing the Spider”, was published in the April 2005 edition of Internal Auditor Magazine.

Quick ways to learn Standard Operating Procedure

It does not offer clear-cut guidelines on the right means to write, maintain, and update SOPs.

A Standard Operating Procedure (SOP) or a set of them is a sine qua non for organizations in the regulated industries. Yet, a lion’s share of the deficiencies that get detected during the FDA’s inspectional observations of organizations relates to problems in the SOP, for which these organizations get hauled up for enforcement actions.

However, the irony is that the blame for this situation lies with the FDA: while it mandates the need for SOPs among companies in the regulated industries, it does not offer clear-cut guidelines on the right means to write, maintain, and update SOPs.

It is mainly because of the absence of these guidelines that many organizations come up with SOPs that fail to meet regulatory compliance guidelines. The most common areas in which they falter are the manner of their writing, communication, monitoring and enforcement. The SOPs that most organizations write either fall short of the details or miss the tools for ensuring compliance with the SOPs. Most of these SOPs contain errors that end up getting noticed only during an audit.

A webinar from Compliance4All, a leading provider of professional training for all the areas of regulatory compliance, will show the proper ways of writing SOPs in a manner that makes it easy for companies to maintain and update these and to also avoid punitive actions from the FDA. The speaker at this webinar is Todd B. Graham, a clinical laboratory scientist for a large hospital system in the New York Tri-State Area. Please register for this 90-minute webinar by visiting http://write.news/compliance_SOP

————————————————————————————————————-

At this session on quick ways to learn Standard Operating Procedure, Todd will explain a set of guidelines that will educate the participants on how to write SOPs and work instructions for FDA-regulated organizations. This will help participants with:

  • Becoming familiar with the basics of how to generate a great SOP
  • Understanding how to remain compliant and yet not restrict the course of action
  • Gaining knowledge of how to maintain the compliance over the course of the SOP lifetime.

At this highly valuable, well-rounded learning session on the proper ways of writing SOPs and work instructions that befit FDA-regulated organizations, Todd will cover the following areas:

  • Record compliance with examples
  • What are SOPs?
  • Why are they important?
  • What are their benefits?
  • What are their limitations?
  • Important types of SOPs
  • Minimum number for SOPs, topics, and examples
  • SOPs and guidelines

Steps to develop an SOP

  • Process mapping
  • Authoring
  • Formatting and language
  • Editing
  • Authorizing
  • Training
  • Implementation
  • Revision / archiving (version control)
  • An SOP example and template

————————————————————————————————————–

About the speaker: In his role as a scientific consultant for Fortune 500 biotechnology firms, healthcare systems throughout the world and R1 Research Level Universities, Todd has helped organizations improve sample workflow and laboratory quality and reduce sample turnaround time. Through his work, he has also helped expand laboratory services to vulnerable health populations in the New York area. Another of his pursuits has been to offer outreach services to the local community by serving as a mentor to not only students training in clinical laboratory science, but also the scientific community, which he has done by serving as a technical resource for his peers in the laboratory.