Fred Maldonado

Imagine your mid-sized firm has just received an exhaustive 200-question security audit from its largest enterprise client, coupled with a Board of Directors suddenly demanding a formal policy on “AI Safety.” Without a dedicated security leader, these high-stakes requests often land on the desk of an already overstretched IT Director, leaving your organization reactive, vulnerable, [...]

In a world where digital risk, regulatory expectations, and emerging technologies are accelerating, strong IT Governance remains foundational. SOC 2 compliance continues to be a key mechanism for service organizations to show they have strong controls. Understanding how IT governance and SOC 2 align, and where recent changes affect that alignment, is more critical than [...]

All SOC 2 examinations must include security common criteria. This includes reviewing a company’s (i.e., entity’s) risk assessment process (risks identified, risk matrix, controls in place to address the risks, etc.). However, one of the challenges that the AICPA has found when it comes to doing risk assessments is that companies are unclear on what [...]

Personal Identifying Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all information requiring heightened controls to protect the owning person from exploitation. In 2024, several high-profile data breaches exposed sensitive information, highlighting the ongoing struggle to protect PII, PCI, and PHI. In March, AT&T was breached, compromising data from 7.6 [...]