compliance – InfoSec certifications for global start-up

This is not how it works. You do not collect certificates.

  • being certified does not mean you are safe
  • customers only care about the certificates they care about

The "best" certification is the one that best serves your business objectives. If you are using Cyber Essentials, but your customers want BSI Grundschutz, then you have wasted a lot of time and money. And neither guarantees that you are safe.

Company certificates help you to visualize your company, its processes, its employees and its technology through different objectives. Choose the goal that will help you secure your business. Your goal is to be safe, not to be certified.

The "best" case? Examine them all and identify the goal that highlights the gaps that your business should fill right now (no, you don't fill all the gaps at once at the start). Then use this goal to improve yourself. So maybe be certified in this program, but only if it meets the needs of your business.

Here's the approach (for an unregulated industry – for regulated industries, you swap items 1 and 2):

  1. Get basic skills in your people, processes and technology for obvious / common threats
  2. Get compliance with what third party stakeholders want (customers, regulators, investors, etc.)
  3. Develop internal compliance with your own standards to ensure consistency
  4. Develop a risk-based approach to target non-top-line threats to your business
  5. Develop a flexible and adaptive approach to security to be able to respond quickly to emerging risks

Here is the ELITE approach:

  • Essential
  • Legal / Legislative (Lender / Allied)
  • Internal
  • Targeted
  • Emergent

8 – Compliance of cookies and Google Analytics

From the EU Cookie Compliance module project page on

If you want to conditionally set cookies in your module, there is a
JavaScript function provided that returns TRUE if the user has given
his consent:


For example, if you want to disable Google Analytics, you can do the

Another example of how it can be used with Google Analytics is
provided by dagomar in this comment.

Here is another example showing how to set cookies after user clicks
the Accept button:

I have personally used this to prevent the loading of third-party code snippets until compliance is granted, by creating a custom module and including the call to hasAgreed() in the JavaScript behaviors of my module.

But as the first example above shows, a custom module is not required for Google Analytics in particular. You can simply add the following code to Advanced Settings -> Custom JS in Google Analytics:

if (!Drupal.eu_cookie_compliance.hasAgreed()) {
  // No consent yet: set the Google Analytics opt-out flag for this property.
  window['ga-disable-UA-xxxx-1'] = true;
}
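
The ordering the answer above relies on, as an added example that is not part of the original post or the module's own code: the opt-out flag is set before anything else, and third-party loaders are queued until consent exists. `createConsentGate`, `whenAgreed` and `recheck` are hypothetical names, and calling `recheck()` from the site's Accept handler is an assumption.

```javascript
// Added example (hypothetical helper, not part of the EU Cookie Compliance module).
// win:       the browser `window`; a plain object works for offline testing.
// hasAgreed: wrapper such as () => Drupal.eu_cookie_compliance.hasAgreed()
function createConsentGate(win, hasAgreed, trackingId) {
  const flag = 'ga-disable-' + trackingId;
  const pending = [];   // third-party loaders held back until consent
  let released = false;

  // Set the opt-out flag first, so a tracker that loads anyway stays inert.
  win[flag] = !hasAgreed();

  // Re-evaluate consent; call this from the site's Accept handler (assumption).
  function recheck() {
    if (released) return true;
    if (!hasAgreed()) return false;
    released = true;
    win[flag] = false;
    while (pending.length) pending.shift()();
    return true;
  }

  // Run `loader` now if consent exists, otherwise queue it.
  function whenAgreed(loader) {
    if (recheck()) loader();
    else pending.push(loader);
  }

  return { whenAgreed, recheck };
}

// Constructed scenario: visitor arrives without consent, then clicks Accept.
function demo() {
  const win = {};                 // stand-in for window
  let consent = false;            // stand-in for the module's stored choice
  const loaded = [];
  const gate = createConsentGate(win, () => consent, 'UA-xxxx-1');
  gate.whenAgreed(() => loaded.push('analytics'));
  gate.whenAgreed(() => loaded.push('chat-widget'));
  const before = { disabled: win['ga-disable-UA-xxxx-1'], loaded: loaded.length };
  consent = true;
  gate.recheck();
  gate.recheck();                 // idempotent: loaders must not run twice
  return { before, disabled: win['ga-disable-UA-xxxx-1'], loaded };
}

console.log(demo());
```

In a page, the gate has to be created before any tracking snippet executes; otherwise the tracker can set cookies before the flag exists.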

Compliance of cookies and Google Analytics on Drupal 8

I am using Drupal 8.6.14 (I will be upgrading soon) and I am trying to create a cookie consent page that really works! I have used many different modules like EU Cookies Compliance, GDPR Compliance and many others, but not all of them block Google Analytics cookies. I even used a few fixes on Google Analytics that I found in the community to support the EU Cookies Compliance module, but all of them fail. To be exact, EU Cookies Compliance seems to load cookies as usual, then delete them when the consent dialog appears, then reload them once I choose an option. All the other solutions seem not to work at all (I receive cookies each time the page loads). BTW, all the solutions I have found are for <8 versions. Any idea how I can get there? Am I missing something?

What is customs and compliance?

Tripath Logistics offers innovative approaches to global customs programs. Our approach is to determine the best way to add value to your processes. We view your customs "value chain", which includes compliance, clearance and analysis, as a way to effectively manage costs.


What is customs and compliance?

As a compliance-driven organization, we are able to understand and deal with the intricacies of trade regulations and agreements at the global, regional, national and local levels.

material – compliance issue 508

For those with knowledge of material design and 508 compliance … are there any problems with using a "delimited" text field compared to the filled text field? We are thinking of using the "delimited" text fields, but we want to make sure that we comply with 508. Any advice is appreciated, thank you!

Compliance and data security tools

compliance – What are the topics to include in the access control documentation?

I am preparing documentation on access control for my employer. I need to know what the best practices or requirements are for preparing access control documentation.

Here are some elements to clarify the answer:

  • We work in the health sector
  • Compliance we follow (HIPAA, SOC, HITRUST)

I need specific advice, procedures and inspiration.

saas – General issue relating to compliance with ISO 27001

I have received a question as follows: Should the vendor's solution be ISO 27001 certified for the application itself or for hosting the platform?

From what I understand, the ISO 27001 certificate concerns companies / suppliers and includes both the solution and the hosting platform. Are they separable? In the case of a SaaS solution, can I certify the platform and not the application?

Thank you