photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

#compliance


Here's another good one: "Portable photographic or video equipment is not allowed in secure rooms unless authorized."
My comment in response: "Do we confiscate employees’ and visitors’ cell phones when they enter 'secure areas'? If not, this rule is violated every time an employee or visitor enters a secure area, and we should probably delete it."
#compliance

Reviewing compliance docs. Found this gem: "All fire doors on a security perimeter must be alarmed, monitored and tested in conjunction with the walls to establish the required level of resistance."
Added this comment: "How are we supposed to 'test' that fire doors and walls in a building provide the required level of fire resistance? I fail to see how such a 'test' can be accomplished without setting the building on fire. Perhaps different wording is required here."
#compliance #pyromania

I still think @EUCommission's #fines are not a real "#penalty"!

  • Banning #Apple and/or jailing its C-level in contempt until they comply would be.

After all, if I were to do the same shit [hypothetically, as a small and/or domestic business in the #EU] I'd soon face a judge dismantling my business as a "criminal enterprise" and stripping it for assets to pay damages, alongside confiscating any profits made.

Remember: If the penalty for a crime is a fine it's only illegal for the poor!

Question for #infosec, #compliance, #HIPAA wonks…
My mandatory annual HIPAA training claims that an "unintentional disclosure as a result of a permitted reason" is not a HIPAA violation. They even include the text shown below in one of the training videos.
I've never heard this before. My understanding is that an unintentional disclosure is still a violation, albeit perhaps a less severe one.
Do you agree with the training, and if so, can you point to a source for this?

GDPR (AVG): where do we stand 7 years after its introduction? Were you there? Do you remember how organisations suddenly seemed to be busy with processor agreements ('verwerkersovereenkomsten', previously called 'bewerkersovereenkomsten') for the very first time, and everyone shouted "The GDPR doesn't allow it!"?

I conducted a survey among privacy professionals at 34 education and research institutions to see how we experience the impact of the regulation and what it has delivered:

#AVG #GDPR #Privacy #Compliance

pec.surf.nl/7-jaar-avg/

Privacy Expertise Centrum · Compliance GDPR (AVG): where do we stand 7 years after its introduction? - Privacy Expertise Centrum. Organisations had until 25 May 2018 to bring their operations into line with the GDPR. What has it delivered?

Please, #infosec and #compliance professionals, I am BEGGING you, WRITE YOUR POLICIES AND PROCEDURES IN THE PRESENT TENSE.
Yes: "…risk assessment results guide appropriate management action…"
*NO*: "…risk assessment results *will* guide appropriate management action…"
Policies and procedures say what the organization DOES, not what it WILL do.
(continued)

Microsoft blocked the ICC chief prosecutor's email account: a wake-up call!

If central institutions can be paralysed by foreign providers, that is a clear message: Europe needs digital sovereignty. As a German provider, we at @mailbox_org rely on genuine data sovereignty, independent and secure. Act now! heise.de/news/Strafgerichtshof

heise online · International Criminal Court: Microsoft's email block as a wake-up call for digital sovereignty. By Stefan Krempl

#compliance : as to a desire, demand, or proposal

- French: conformité

- German: die Zustimmung

- Italian: conformità

- Portuguese: conformidade

- Spanish: conformidad

------------

Join our new subreddit for language learners @ reddit.com/r/LearnANewLanguage

reddit.com · Crowdsourcing Languages • r/LearnANewLanguage: We are in the process of revitalizing this subreddit to help language learners. Thank you for being a part of our community!

ISO 27000 nit #3. I had to stare at this for several minutes to try to figure out what "enhancing societal values" was doing in this list. IMO the meaning of all the other list items is clear, but that one's clear as mud. I _think_ what they're trying to get at is improving the security culture within the organization being managed, but honestly, that's just a guess; I'm not even certain that's what they mean.
#infosec #compliance #ISO #ISO27000 #standards #isms


ISO 27000 nit #2: The definition of "risk" provided here, "effect of uncertainty on objectives," is dumb, obscure, unhelpful, bureaucratic gobbledygook. It in no way resembles the dictionary definition of risk, which much more closely approximates what I think of when I use the word risk or see it used in an information security concept. I am challenged to understand why they chose this nonsense definition and what they hope to achieve by it.
#infosec #compliance #ISO #ISO27000 #standards #isms