Hilary Stavrakas

In the following paragraphs, we’ll discuss what hardening means, the benefits and disadvantages it brings, and where to begin in the process of securing an operating system. Let’s first understand what the hardening process is. The concept of hardening, in relation to computing, is when the system is made more secure through the use of [...]

Audit risk assessments are an integral part of any company’s internal control structure and are relevant to compliance frameworks, including SOC 2, HIPAA, and ISO 27001. Risk assessments can be daunting as they encapsulate risks across an entire company, and it can be difficult to understand what considerations should be taken and even where to [...]

Access control encompasses a broad range of concepts and practices that can vary significantly depending on an organization’s industry, risk appetite, and compliance requirements. This blog focuses specifically on the post-implementation phase of access control. It discusses the critical questions: “Once access controls are in place, how do you make sure they remain effective? What [...]

Organizations continue to face an ever-growing number of cybersecurity threats. As threats become more sophisticated and advanced, it is critical to protect the network and sensitive data. Two tools that can aid in safeguarding your network and data are an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). They both play important roles [...]

In order to properly assess the relevance of HIPAA compliance to your organization, it is important to understand what a Covered Entity (CE) and a Business Associate (BA) are. In this blog we’ll talk about what these items are, the differences between them, and how they are handled differently when assessing HIPAA compliance. Differences Between [...]

Disaster recovery plans and business continuity plans are unique to each and every company. In this article, we will walk through the purpose of these documents, their similarities and differences, the relevant controls, and common scenarios for disaster recovery. What Is the Purpose of a DRP? How Is It Different Than a BCP, BIA, & [...]

Are you interested in SOC services but unsure what will be asked from you if internal control deficiencies are found? We all know the scary words “qualification” or “misstatement”, but what about the less scary but still important term: deficiency? This is also known as a “finding” or “gap” and a deficiency can also be [...]

An audit is intended to build trust, decrease risk and encourage efficiency in business practices. While these traits are important for all businesses, they are critical for entities within the healthcare industry. No company is immune to risk, but those in the healthcare industry have a higher inherent risk based on the types of data [...]

Service organization environments are ever-changing. As the organization adapts, the systems used by the service organization change in alignment. This process of migrating to a new application or migrating your infrastructure to the cloud can be significant, not just to the organization, but to the service organization’s users. What is a Data Migration & When [...]

Section 5, the unaudited section, of the SOC 2 report can vary significantly between reports. It may contain a lot of details about the service organization or it may only contain a response from management for a deficiency. So what can go in this section? There are various topics that can be included that can [...]