Overview From the inception of technology, security concerns have always been at the forefront. Information security preserves an organization’s reputation, maintains business continuity, and prevents financial losses. In today’s evolving cyber landscape and global economy, securing a competitive advantage and demonstrating a commitment to information technology security has become more critical than ever before. Audit […]
What is HITRUST? HITRUST is an organization that develops and maintains the Common Security Framework (CSF). The HITRUST CSF is a certifiable framework, which incorporates various regulatory requirements and industry standards, designed to address security and privacy needs of organizations focused on the healthcare industry. The choice between HITRUST Certification and other frameworks such as […]
Overview In 2022, a new version of PCI Data Security Standard (DSS) was released updating the current V3.2.1 to V4.0. PCI DSS Version 4.0 (PCI DSS V4.0) seeks to enhance the security of cardholder data and align with evolving threats. Organizations have until March of 2025 for mandatory compliance with the newest changes; however, the […]
Overview On October 25, 2022, ISO 27001 was updated from the ISO/IEC 27001:2013 version to the new ISO/IEC 27001:2022. The objective of this article is to inform you about what the changes are and timelines for adopting the 2022 version, irrespective of whether this is your initial certification or you are transitioning from the 2013 […]
If you have recently finished a SOC 1 or a SOC 2 Examination, you may be tempted to put a hold on thinking about your next annual audit. However, the truth is that the sooner you start planning, the smoother your next audit will go. Below are ten best practices to consider as you prepare […]
Overview Organizations that intend to issue a SOC 1 Report to their customers and business partners in 2023 should be well into planning now for changes in the guidance that impact service organizations and their auditors. This article highlights changes released in February 2023 by the American Institute of Certified Public Accountants (AICPA), who publishes […]
When you’re doing business with third parties, you may be exposing your organization to financial, operational, and reputational risks. While third-party suppliers may be necessary to run your business efficiently, you need to take proactive steps to mitigate risks. This is where vendor management and assessment programs come in. What is Vendor Management? Vendor management […]
Many organizations are required by law to adhere to regulations or industry standards (for example, NIST, CMMC, PCI DSS, GLBA, HIPAA, SOC 2, ISO 27001, etc.) that include the use of security assessment techniques like penetration testing (aka, “pen testing”) as a component. Other organizations want to be proactive and find the “open doors and […]
Organizations currently subject to a SOC 2 Examination or that intend to be subject to a SOC 2 Examination, along with their auditors, must use guidance issued by the American Institute of Certified Public Accountants (AICPA), as the “rule-book” for these reports. In October 2022, the AICPA issued updates to this SOC 2 guidance that […]
A company can never be too safe in making sure that its systems are protected from cyberattacks. Responsibility for information security does not lie only with your Information Security Group but also at the highest levels within a company. Based on a recent ruling by the FTC, CEOs are now responsible for their company’s compliance, […]