Staying Compliant with Cybersecurity Policies

SHARE
ET&S Strategic Communications

In FY24, the USNH Enterprise Technology & Services (ET&S) Cybersecurity team undertook a series of comprehensive assessments to ensure compliance with a range of legislative and governmental mandates. These efforts were crucial in maintaining the integrity and security of our systems and data.

Key Assessments and Compliance Efforts:

  1. Gramm-Leach-Bliley Act (GLBA): This financial legislation mandates the protection of consumer financial information. Our team conducted thorough reviews and implemented necessary safeguards to ensure that all financial data handling processes met GLBA requirements.
  2. Red Flag Rules: Focused on preventing financial aid fraud, these rules required us to identify and mitigate potential identity theft risks. We enhanced our monitoring systems and updated protocols to detect and respond to red flags effectively.
  3. Disaster Recovery Planning: Ensuring business continuity in the event of a disaster is paramount. Our team developed and tested robust disaster recovery plans, ensuring that critical systems and data could be restored swiftly and securely.
  4. Health Insurance Portability and Accountability Act (HIPAA): Compliance with HIPAA is essential for protecting sensitive health information. We conducted detailed assessments of our health data management practices and implemented stringent controls to safeguard patient information.
  5. Governance Policies and Standards Updates: In addition to specific legislative requirements, we reviewed and updated several governance policies and standards. This included refining our cybersecurity policies to align with the latest industry best practices and regulatory expectations.

Enhanced Security Measures:

  • Risk-Based Controls:  ET&S established and reinforced risk-based controls to protect the confidentiality, integrity, and availability of information across our systems. These controls are designed to mitigate potential cyber threats and ensure compliance with various regulatory frameworks.
  • Regular Audits and Monitoring: Continuous monitoring and regular audits were conducted to identify vulnerabilities and ensure ongoing compliance. This proactive approach helps us avoid potential threats and maintain a secure environment.
  • Training and Awareness Programs: To support our compliance efforts, we implemented comprehensive training and awareness programs for all staff. These programs are designed to educate employees about cybersecurity best practices and their role in maintaining compliance.

By adhering to these rigorous standards and continuously improving our cybersecurity posture, the USNH ET&S Cybersecurity team ensures that we remain compliant with all relevant regulations, thereby protecting our systems, data, and stakeholders.

Categories
Tags