On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”
Continue Reading

On September 27, 2016, Cloud Infrastructure Services Providers in Europe published its Data Protection Code of Conduct. CISPE, a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, has focused the Code on transparency and compliance with EU data protection laws.
Continue Reading

Reporting from Israel, legal consultant Dr. Omer Tene writes about an important recent decision in which an Israeli court upholds the validity of an instruction issued by the data protection regulator restricting financial institutions from using information about a third party’s attachment of their client’s account for the financial institution’s own purposes.
Continue Reading

On July 10, 2012, the Federal Financial Institutions Examination Council released a statement on outsourced cloud computing activities, discussing key risk considerations associated with using third-party vendors to implement cloud computing solutions and identifying applicable risk mitigation considerations contained in the FFIEC IT Examination Handbook.
Continue Reading