David William Silva

Compliance Technologies

Compliance Technologies is a short-form audio series exploring how modern organizations design, implement, and demonstrate compliance in a world shaped by cybersecurity, privacy, regulation, and advanced technologies. Through focused insights, the show reframes compliance as infrastructure, not paperwork, and examines how law, security, risk, operations, and emerging technologies like AI and privacy-enhancing systems work together to build trustworthy, efficient, and verifiable organizations.

Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: podcasters.spotify.com

Autor

David William Silva

Kategoria

Technology

Strona podcastu

podcasters.spotify.com

Ostatni odcinek

9 lut 2026

Gdzie słuchać?

Podcasty w aplikacji Replaio Radio Już wkrótce

Podcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów

Pobierz z Google Play Zainstaluj za darmo Android 5 mln+ pobrań · ocena 4,8 iOS niedługo

Odcinki

The HIPAA Security Rule 09.02.2026

In this episode of Compliance Technologies , we continue the HIPAA series with a focused look at the HIPAA Security Rule and what it actually requires in practice. The Security Rule governs how electronic protected health information (ePHI) must be safeguarded through administrative, physical, and technical controls . Rather than prescribing specific tools, HIPAA requires organizations to assess r...

The Privacy Rule and "Minimum Necessary" 28.01.2026

In this episode of Compliance Technologies , we continue the HIPAA series by focusing on the HIPAA Privacy Rule and one of its most important principles: minimum necessary . The Privacy Rule governs how protected health information (PHI) may be used and disclosed, but its real operational impact lies in how organizations limit access to PHI, even when use is permitted. This episode explains what “...

Announcing the CSE Registry: A Public Infrastructure for Compliance Signals 26.01.2026

In this special episode of Compliance Technologies , we announce the launch of the Compliance Signal Enumeration (CSE) Registry, a public, open-source infrastructure for defining and referencing compliance signals. Modern compliance frameworks increasingly rely on automation, tooling, and continuous evidence collection, yet the industry lacks a shared vocabulary for describing what is actually bei...

HIPAA Is About Responsibility, Not Just Privacy 18.01.2026

In this episode of Compliance Technologies , we begin a new series on HIPAA by clarifying what the law actually regulates and what it does not. HIPAA is often described as a privacy law, but at its core it defines responsibility for how protected health information (PHI) is created, used, stored, and transmitted across systems and organizations. This episode explains who HIPAA applies to, what qua...

ISO 27001 as an Operating System for Trust 17.01.2026

In this episode of Compliance Technologies , we conclude the ISO twenty-seven thousand one series by stepping back and viewing the standard as a whole, not as a certification exercise, but as an operating system for trust . After exploring context, risk, control selection, and day-to-day operation of the Information Security Management System (ISMS), this episode explains how ISO/IEC 27001 is desi...

Operating the ISMS 16.01.2026

In this episode of Compliance Technologies , we continue the ISO twenty-seven thousand one series by focusing on what happens after design and planning: operating the Information Security Management System (ISMS) . ISO/IEC 27001 requires more than documented policies and selected controls. It expects the ISMS to function as a living system, supported by competent people, accurate documentation, mo...

Risk Treatment and the Statement of Applicability 15.01.2026

In this episode of Compliance Technologies , we continue the ISO twenty-seven thousand one series by focusing on risk treatment and the Statement of Applicability (SoA), two elements that sit at the core of a defensible Information Security Management System (ISMS). ISO/IEC 27001 does not require organizations to eliminate all risk. It requires them to make explicit, justified decisions about how...

Context, Risk, and Why Annex A Exists 14.01.2026

In this episode of Compliance Technologies , we continue the ISO twenty-seven thousand one series by examining where the standard truly begins: organizational context and risk and how those elements explain the role of Annex A . ISO/IEC 27001 does not start with controls. It starts by requiring organizations to understand their context, define the scope of their Information Security Management Sys...

ISO 27001 Is a Management System, Not a Checklist 13.01.2026

In this episode of Compliance Technologies , we begin a new series on ISO27001 by clarifying what the standard actually is and what it is not. ISO/IEC 27001 does not define a checklist of security controls. It defines how an organization establishes, operates, and continually improves an Information Security Management System (ISMS) . This episode explores why the ISMS is the core of the standard,...

SOC 2 Is Not the Report, It’s the Operating Model 12.01.2026

In this episode of Compliance Technologies , we conclude the SOC 2 series by bringing everything together and reframing SOC 2 for what it truly is: an operating model, not a report . After exploring security, availability, processing integrity, confidentiality, and privacy, this episode explains why SOC 2 Type II shifts the focus from control design to consistent behavior over time . We discuss wh...

Where Trust Breaks Inside the System 12.01.2026

In this episode of Compliance Technologies , we continue the SOC 2 series by examining confidentiality and privacy , and why trust often breaks inside systems rather than at the perimeter. SOC 2 looks closely at how sensitive and personal data is accessed, shared, and handled internally, not just how it is protected from external threats. This episode explores how overexposure, excessive access, a...

Saying "It Usually Works" Isn’t Good Enough 10.01.2026

In this episode of Compliance Technologies , we continue the SOC 2 series by exploring availability and processing integrity, two criteria that reveal how much SOC 2 depends on the everyday behavior of systems. Availability isn’t about never failing. It’s about whether systems are designed to operate reliably, recover predictably, and behave consistently under stress. Processing integrity goes fur...

Security Is the Baseline, Not the Goal 09.01.2026

In this episode of Compliance Technologies , we continue the SOC 2 series by focusing on the Security Trust Service Criteria and why, in SOC 2, security is not the end goal, but the baseline. Rather than treating security as a collection of tools or policies, this episode explores how SOC 2 evaluates whether security is operationally enforced through systems and infrastructure. We discuss why manu...

Trust Is a System Property 08.01.2026

In this episode of Compliance Technologies , we begin a new series on SOC 2 by stepping back from checklists and reports to ask a more fundamental question: what does trust actually mean in modern systems? SOC 2 exists because trust no longer scales through policies, promises, or good intentions alone. As systems grow more complex, trust becomes something that must be demonstrated through infrastr...

Accountability Is the Real Requirement 07.01.2026

In this episode of Compliance Technologies , we bring the GDPR series together by focusing on the principle that ultimately connects everything: accountability . After exploring privacy by design, data minimization, purpose limitation, data retention, and lawful basis, this episode explains why GDPR enforcement increasingly centers on one core question: can an organization demonstrate compliance i...

Saying "We Have Consent" Is Not Enough 06.01.2026

In this episode of Compliance Technologies , we continue our series on GDPR fines by unpacking one of the most commonly misunderstood topics in data protection: lawful basis and consent . GDPR requires that every instance of personal data processing have a clear and appropriate lawful basis. While consent is often treated as a default justification, it is also one of the most fragile, especially w...

When "Keeping It Around" Becomes a Liability 05.01.2026

In this episode of Compliance Technologies , we continue our series on GDPR fines by examining one of the most enforceable compliance risks: data retention . GDPR requires organizations to keep personal data no longer than necessary for the purpose it was collected. In practice, many systems retain data indefinitely through backups, logs, analytics pipelines, and downstream services, long after it...

When Data Quietly Changes Its Purpose 04.01.2026

In this episode of Compliance Technologies , we continue our series on GDPR fines by exploring one of the most subtle and most commonly violated principles in data protection: purpose limitation . GDPR requires that personal data be collected for explicit, specific, and legitimate purposes , and not quietly reused in ways that are incompatible with the original intent. In practice, many systems ch...

When "Just in Case" Becomes a GDPR Violation 03.01.2026

In this episode of Compliance Technologies , we continue our series on GDPR fines by focusing on one of the most misunderstood principles in modern compliance: data minimization . GDPR requires organizations to collect personal data that is adequate, relevant, and limited to what is necessary . In practice, many systems do the opposite, collecting data “just in case,” for analytics, future feature...

The Cost of Ignoring Privacy by Design 02.01.2026

In this episode of Compliance Technologies , we launch a new series focused on real-world compliance incidents , starting with GDPR fines . We examine one of the most significant GDPR enforcement actions to date: the €345 million fine imposed on TikTok by Ireland’s Data Protection Commission. This case wasn’t about a data breach or a cyberattack, it was about privacy by design and by default . We...

A New Year, A Clearer Compliance Perspective 01.01.2026

As 2026 begins, this episode reflects on compliance from a fresh perspective. Beyond obligations and checklists, strong compliance delivers clarity, confidence, and trust, qualities every organization wants in the year ahead. We explore why compliance, when built intentionally into systems and operations, reduces surprises, supports innovation, and enables organizations to move forward with confid...

Compliance Is a System, Not a Project 31.12.2025

As the year closes, this episode reframes compliance through a critical lens: not as a one-time project, but as a living system. We explore why project-based compliance fails in modern environments and how system-oriented approaches enable continuous trust, resilience, and growth. This episode ties together the core themes of evidence, scale, automation, and design, offering a clear foundation for...

Why Manual Compliance Doesn’t Scale 30.12.2025

Manual compliance may work temporarily, but it cannot keep pace with modern organizations. In this episode, we explore why human-driven, spreadsheet-based compliance breaks down as systems, teams, and regulations grow more complex. We discuss the limits of manual processes, the risks of reactive compliance, and why scalable, automation-friendly approaches are essential for long-term resilience and...

Compliance Is Proven, Not Claimed 29.12.2025

Clear ownership is necessary, but it is not enough. This episode focuses on the role of evidence in modern compliance, why intent and documentation alone are insufficient, and why proof matters. We discuss how evidence connects controls to real-world operation, why scattered or ad-hoc evidence weakens credibility, and how treating evidence as a first-class asset transforms compliance from narrativ...

Compliance Requires Ownership 28.12.2025

Identifying risks and setting priorities is only the beginning. This episode focuses on one of the most common reasons compliance efforts stall: lack of clear ownership. We explore why shared responsibility often leads to no responsibility, how control ownership prevents drift, and why durable compliance depends on assigning clear accountability for systems, processes, and risks. A practical refle...

Słuchaj podcastu Compliance Technologies w Replaio

Radio i podcasty w jednej aplikacji - za darmo, bez zakładania konta. Zainstaluj już dziś i nie przegap premiery

Pobierz z Google Play

Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS