IT Audit & Compliance Blog

Cybersecurity is a serious concern for the management and board members of organizations around the world. Consequently, service providers are being faced with increasing scrutiny and pressure to prove that they have taken appropriate measures to protect their systems, the client data that they process or store, and the systems and entities who use or [...]

Many organizations may be retaining personal data and it is important for this information to be properly protected and or anonymized. One method to ensure personal information is appropriately anonymized is through de-identification. This article will explain what de-identification is, how to go about de-identifying personal data, and why it is important. To start, a [...]

Due to the multitude of breaches where defense information has been compromised, the Department of Defense (DOD) has been working to impose additional requirements on defense contractors that process, store, or transmit sensitive information in support of the DOD and its mission. It has taken specific measures to help shore up the defense industrial base [...]

You just received the draft SOC 1 or SOC 2 report from your auditor and as you’re scrolling through the opinion, you notice a reference to “Inherent Limitations.” Inherent Limitations? Is your SOC report suggesting your controls are inadequate? Your auditor is not telling the world you have weak controls; however, every auditor opinion will [...]

Obtaining evidence to confirm the design and operating effectiveness of controls used to support business objectives are completed during the audit process. One objective of this process is to look at the rate of deviations in an effort to determine if there is risk of material misstatement. In this post, we will look at different [...]

If you are beginning the process of looking into obtaining a SOC 1 or SOC 2 report you more than likely have a lot of questions. When speaking with prospects, many have questions related to the process of how a SOC 1 or SOC 2 audit is conducted – particularly questions with regard to the [...]

In a previous blog post, I outlined how security procedures fit in an organization’s overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security [...]

Due to current world events, many employees are now working remotely from home and the question of if a VPN is needed when working at home is at the forefront of many employers’ minds. In this blog, we will discuss what a VPN is, its benefits, if you need one, and how to select a [...]

With COVID-19 requiring nonessential workers to work from home or social distance, many organizations are trying to navigate having their workers not in the office and still maintaining the optimal security methods from their home offices. Keep reading for some recommendations on how to maintain optimal cybersecurity with remote staff. How Do You Keep Up [...]

Organizations flourish when they establish environments that foster the efficient execution of operations. Internal controls should help organizations deliver value to their stakeholders and achieve their strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. What Is the Control Environment of a Company? The Institute of Internal Auditors [...]