Category Archives: Governance, Risk & Compliance

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Cloud Privacy for Your Enterprise’s Data: Whose Choice?

Posted on by

cloud-securityToday’s headlines are full of reports of ransomware, retail customer data breaches and routine government surveillance of online traffic. The battle between the FBI and Apple over unlocking an iPhone is just the latest story highlighting digital data security as a daily concern.

buy tobradex online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/tobradex.html no prescription pharmacy

While teens on Facebook may not worry about who’s looking at their posts, CEOs in the boardroom have a real problem to solve. Not only do large enterprises have to protect themselves against data breaches, they must follow a complex maze of privacy and data-hosting laws that vary by country and state.

Security and compliance can, ironically, become much more difficult thanks to a shift that otherwise makes IT easier and less expensive. Moving IT operations to the cloud has many advantages, but by placing data in the hands of a cloud vendor, companies frequently surrender a lot of control over that data: where it’s stored, how it’s handled and how it’s secured.

Furthermore, most customers have no idea of the physical location of the data center holding their information. That creates an immediate compliance problem with EU data privacy and hosting regulations—and non-compliance can be costly.

As an enterprise customer, having choices as to where your content is stored is crucial to your ability to meet all those requirements. Indeed, data sovereignty has become increasingly important in the wake of Safe Harbor, so companies need cloud solutions that enable them to maintain the highest levels of visibility and control over their data.

buy trazodone online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/trazodone.html no prescription pharmacy

Data regulators have (for now) rejected the EU-U.S. Privacy Shield agreement, making it even more important for global enterprises to ensure they remain in compliance with regional privacy laws, protect employee personal information and preserve the confidentiality of valuable corporate intellectual property.

So when considering a cloud vendor, enterprises need to factor flexibility of location into their purchase decision. The ability to use private cloud, public cloud, and/or on-premises storage within a single account will offer global enterprises a flexible range of options. Along with that, enterprises should look for a cloud vendor that offers the enterprise’s IT department maximum visibility and control to choose the right storage location, based on national sovereignty, data sensitivity, and other factors that concern regulators.

Another crucial consideration is the security of the data – in particular, who ultimately controls access. It is really impossible for an enterprise customer to know if there is a hidden “back door” in the vendor’s system that might allow law enforcement (or a clever hacker) to get access to the most sensitive information of the enterprise. More importantly, should the FBI or NSA come calling, the enterprise has no way to know whether their vendor will allow those agencies access to data or if the vendor has agreed to the routine surveillance of their systems and, therefore, the customer data stored there.

buy zestril online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/zestril.html no prescription pharmacy

What company or organization would willingly place that kind of responsibility in the hands of a cloud vendor? Because the enterprise is responsible for the protection of its own data and that of its customers, as well as its reputation, the customer rather than the vendor should decide these issues with full knowledge, based on its own core values.

Whether a company has the ability to take on this responsibility, however, does rest with its cloud vendor, because the customer only can control what the vendor allows.

As custodians of the information entrusted to them by customers, cloud vendors have a duty to build in the highest levels of security to protect that data.

Vendors should never be in a position to hand over a customer’s data on their own, any more than a bank should be able to open your safe deposit box without your key. It doesn’t matter what the cloud vendor’s position may be on the continuum between privacy and intelligence gathering. (That’s a major reason Syncplicity has chosen to use a “split key” system that precludes us from having any access to customer data without their express consent.)

In addition, vendors also have a responsibility to provide their enterprise customers with the ability to control precisely where their data are stored. Admittedly, keeping data secure is a daunting task from the vendor’s perspective. Attacks are more sophisticated every day and there are new laws and lots of uncertainty around them internationally.

These are enormously important issues and companies that want to be in the business of managing data for others must take them seriously. Doing anything less than this is an abject failure by the vendor. Enterprise customers need to make these issues a central part of deciding which vendor to use. Doing anything less puts their business – and their customer’s data – in jeopardy.

FAA’s New Drone Rules Ready for Takeoff

Posted on by

Drone
The commercial use of drones, or unmanned aircraft systems (UAS), has been widely discussed in the insurance industry. There is much to speculate upon as the technology is still emerging, with any number of possible applications and concerning reports of injuries. While drones bring the promise of efficiency, there is also the uncertain risk profile that comes with this most exciting technology.

With new Federal Aviation Administration (FAA) rules ready to take off (pun intended) in August, there will be improved visibility into the procedures and practices used by drone operators. The FAA recently finalized the first operational rules for routine commercial use of drones and, while the total risk picture is still unknown, we can now evaluate the strength and appropriateness of safety controls employed by UAS operators.

Drones are being used in many industries, from construction to utilities to agriculture, and these industries will need to prioritize compliance and risk mitigation. Some of the new operational limitations from the FAA include:

  • At all times the drone must remain close enough to its remote pilot in command and the person manipulating the flight controls must be capable of seeing the aircraft with vision unaided by any device other than corrective lenses.
  • Drones may not operate over any person not directly participating in the operation, or under a covered structure, or inside a covered stationary vehicle.
  • Drones may only operate during daylight hours or 30 minutes before sunrise or 30 minutes after sunset with appropriate anti-collision lighting.
  • Drones cannot operate from a moving vehicle unless it is over a sparsely populated area.

These rules appear to provide sound guidelines, but most regulations are only as good as the ability for them to be enforced. For example, under the rules’ operational limitations section, it is stated that most of the new restrictions are waivable if the applicant demonstrates that his or her operation can be safely conducted under the terms of a certificate of waiver. How often will these waivers be allowed and how will the FAA conduct investigations? Insurers will be watching to see how the rules are implemented and enforced.

Clearly, we should take note of this important moment for drones, as implementation of federal safety standards for emerging risk drivers has spawned or grown new insurance business lines that are now viewed as essential coverages. For example, environmental regulation in the late 1970’s and 80’s created the need for environmental coverage.

buy imodium online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/imodium.html no prescription pharmacy

State and more recent federal cyber laws are the backbone of cyber policies as insureds must comply with standards to prepare for and respond to breaches. Most recently, the FDA’s Food Safety Modernization Act is driving insureds to take a fresh look at product recall insurance.

Risk managers should expect operating rules to drive new coverages that support the insured’s risk evaluation process.

buy sildalis online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/sildalis.html no prescription pharmacy

This will allow for a spectrum of outcomes from exclusionary wording for UAS operations to distinct coverage grants for safe and compliant operators. Loss control and consulting services from insurers could be helpful to guide the risk management surrounding drones. The federal rules also enable additional objective underwriting questions tied to compliance. Expect to see these questions incorporated into specific UAS underwriting application questions.

The risk manager can readily imagine the Coverage A risks that can arise from UAS operations. Those could include but are not limited to third party bodily injury resulting from aircraft failure, a wildfire resulting from a crash and potential catastrophic terrorism uses. Privacy risk under Coverage B is also a risk easy to imagine and well-documented even in the early stages of this new commercial risk driver.

Insurance brokers or consultants can also offer guidance on the various ISO endorsements in circulation seeking to clarify the commercial general liability aircraft exclusions to include unmanned aircraft. ISO endorsements provide options to include Coverage A and/or schedule-specific aircraft for coverage. I do not believe that ISO has plans to amend the currently available endorsement in response to the aforementioned FAA operating rules.

There is no question the use of drones is only going to expand in its application and, with that, operational safety will improve as exposures grow. The industry should expect increased regulations, including flight worthiness certification as well as possible insurance requirements. According to a Goldman Sachs analysis, total global spending on drones in the commercial market is estimated to be around 0 billion over the next five years.

buy tretiva online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/tretiva.html no prescription pharmacy

Of that, about $11.2 billion will be generated by the construction industry.

Risk managers should anticipate liability exposure for those that fail to comply with the new regulations. The uses are vast, and given the diversity of users the levels of knowledge and awareness of compliance obligations will vary. Education will be key to ensure users understand their responsibilities and the consequences for not meeting regulatory standards.

As the technology and uses continue to advance, catastrophic loss examples will likely arise in the future. I am hopeful that the new FAA regulation will be a useful tool to mitigate the unknown risks to both drone operators and third party premises owners that might be exposed to drone-related accidents.

Chipotle Provides Yet More Reminders of D&O and Food Safety Risks

Posted on by

If the average food safety crisis or product recall forces companies to weather a storm, Chipotle has spent the past year trying to weather a category 4 hurricane. Now months into their recovery effort, it seems they are still seeing significant storm surges.
Last week, a group of Chipotle shareholders filed a federal lawsuit accusing executives of “failing to establish quality-control and emergency-response measures to prevent and then stop food-borne illnesses that sickened customers across the country and proved costly to the company,” the Denver Post reported. The suit accuses executives, the board of directors, and managers of unjust enrichment and seeks compensation from Chipotle’s co-CEOs, while also asking for corporate-governance reforms and changes to internal procedures to comply with laws and protect shareholders.

Sales remain significantly impacted by the series of six foodborne illness outbreaks last year.

online pharmacy propecia with best prices today in the USA

The company reported in July that same-store sales fell another 23.6% in Q2, marking the third straight quarter of declines for performance even lower than analysts had predicted. The company’s stock remains drastically impacted, currently trading at about 4 compared to a high of 9 before the outbreaks came to light a year ago.

online pharmacy fildena with best prices today in the USA

In addition to the most recent shareholder lawsuit, the bad news for directors and officers specifically has also been further compounded recently.

Shareholder lawsuits were filed earlier this year alleging the company had misled investors about its food safety measures, made “materially false and misleading statements,” and did not disclose that its “quality controls were not in compliance with applicable consumer and workplace safety regulations.” In June, a group of shareholders sued a number of top executives for allegedly violating their fiduciary responsibilities and engaging in insider trading.

online pharmacy synthroid with best prices today in the USA

Relying on insider knowledge about insufficient food safety protocols, the suit alleges that the executives sold hundreds of thousands of shares in the first half of 2015 before the food poisoning scandal was made public.

Check out previous coverage of the Chipotle crisis in the Risk Management March cover story “Dia de la Crisis: The Chipotle Outbreaks Highlight Supply Chain Risks.”

Tyson Foods Cited for Violations after Employee Finger Amputation

Posted on by

Cited for multiple violations, Tyson Foods was fined $263,498 by the U.S. Department of Labor Occupational Safety and Health Administration after an employee’s finger was amputated in an unguarded conveyor belt, the DOL reported yesterday.

Inspectors found recessed drains and fire hazards resulting from improperly stored compressed gas cylinders, which exposed employees to slip-and-fall hazards due to a lack of proper drainage.

Established in 1935 and headquartered in Springdale, Arkansas, Tyson is the world’s Tysonlargest meat and poultry processing company, with more than $40 billion in annual sales. The company produces more than 68 million pounds of meat per week. OSHA gave Tyson 15 business days from receipt of its citations to comply, request an informal conference with OSHA’s area director, or contest the citations and penalties before the independent Occupational Safety and Health Review Commission.

“Tyson Foods must do much more to prevent disfiguring injuries like this one from happening,” Dr. David Michaels, assistant secretary of labor for Occupational Safety and Health, said in a statement. “As one of the nation’s largest food suppliers, it should set an example for workplace safety rather than drawing multiple citations from OSHA for ongoing safety failures.”

OSHA inspectors found more than a dozen serious violations, including:

  • Failing to ensure proper safety guards on moving machine parts
  • Allowing carbon dioxide levels above the permissible exposure limit
  • Failing to provide personal protective equipment
  • Exposing employees to an airborne concentration of carbon dioxide
  • Not training employees on hazards associated with peracetic acid and other chemicals.

OSHA also cited the company for repeated violations for not making sure employees used appropriate eye or face protection when exposed to eye or face hazards. The agency cited Tyson for a similar violation in a 2012 investigation at its Carthage facility. The company also failed to separate compressed gas cylinders of oxygen and acetylene while in storage – a violation for which OSHA cited the company in 2013 at its facility in Albertville, Alabama.

According to OSHA, the inspection falls under its Regional Emphasis Program for Poultry Processing Facilities.