IT Audit & Compliance Blog

The first step in conducting a HIPAA security compliance audit is to “take inventory” of the electronic protected health information (ePHI) environment. [...]

The SOC 2 Privacy criteria is one of the AICPA’s five Trust Services Criteria that may be included in a System and Organization Control (SOC) report that a service organization provides to its user entities. On the other hand, the General Data Protection Regulation (GDPR) is an enforceable legislative act in place to protect the [...]

Throughout 2018 and 2019, the OCR has identified the failure to conduct and adequate risk assessment as a key finding in nearly half of their settlements. Making it the largest single source of identified HIPAA violations. Many organizations undergo some level of third party reporting on their compliance with the HIPAA security rule. Generally these [...]

We live in a complex world with seemingly continual headlines of breaches, hacks, and other nefarious online activity. Security programs must be robust enough to address the continual threats bombarding organizations today. Security practitioners have a lot on their plate — identification and authentication, access control, encryption of data in transit and at rest, data [...]

Many users are unsure as to the difference between a SOC 2 (System and Organization Control) report and PCI DSS (Payment Card Industry Data Security Standard) compliance. While the two may have overlapping areas of focus, they are quite different. The main difference between the two is that PCI is specific to businesses that accept [...]

An integrated audit incorporates the review of internal controls into the overall audit of the financial statements, which is now a requirement for public companies. Since the Sarbanes-Oxley Act came into effect, management is responsible for establishing, maintaining and reporting on an internal control structure and procedures for financial reporting, and auditors are required to [...]

The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry. [...]

If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U. S. Department of Health and Human Services (HHS). [...]