IT Audit & Compliance Blog

Risk management is a basic component of everything we do. Subconsciously, we assess and manage risk with each decision we make—from getting up in the morning to going back to sleep. So, in a way, most of us are already seasoned risk managers. Yet many find organizational risk management to be an overwhelming task. Managing [...]

More and more companies are popping up that require their consumers to insert sensitive information into a cloud for safe keeping but is the cloud actually safe? This article will address that question and provide consumers some insight into steps they can take and what to look for to help ensure that their information is [...]

The AICPA has recently developed a cybersecurity risk management reporting framework that is being added to the suite of System and Organization Controls (SOC) report offerings. This framework will assist organizations in communicating relevant and useful information about their cybersecurity risk management program. Companies need to be able to evidence that they can manage cybersecurity [...]

The number of companies utilizing cloud service providers (CSPs) that provide Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) is on the rise and making it important for consumers to understand the services—including the benefits—of what they are purchasing in order to maximize their return on investment. [...]

A Third Party Administrator (TPA) is a service organization that provides a variety of services to the insurance industry in accordance with a service agreement. [...]

When most people think of hygiene, I would venture to say that technology or computer systems are not part of the mental picture. There are interesting parallels, however, between what we think of as “normal” hygiene and cyber hygiene. [...]

A type II SOC 1 (f. SSAE 16) or SOC 2 report (versus a Type I) is the most useful for a service organization to provide to a client. Most reports cover a 12 month period, but can be as short as six months [...]

The Federal Information Security Management Act (FISMA) was originally released in December 2002 and established the importance of information security principles and practices within the Federal Government, noting that information security was “critical to the economic and national security interests of the United States. [...]

COBIT® stands for Control Objectives for Information and Related Technology. What is it? Put simply, it is a framework for enterprise wide governance to include business functions, information and information technology resources. The COBIT® framework provides a structure upon which to build an enterprise governance program. [...]