The Privacy Rule protects most individually identifiable health information held or transmitted by a covered entity or its business associate in any form or media, whether electronic, paper or oral.
An integrated audit incorporates the review of internal controls into the overall audit of the financial statements, which is now a requirement for public companies. Since the Sarbanes-Oxley Act came into effect, management is responsible for establishing, maintaining and reporting on an internal control structure and procedures for financial reporting, and auditors are required to asses this internal control structure.
Incident Response Plans (IRP) are an extremely important element of dealing with security incidents. Traditionally, an IRP has been when an organization creates a scenario on paper and performs a walkthrough of the incident with key members of the incident response team to determine whether everyone understands what to do in the event an incident […]
Internal controls are essential process steps that allow for one to determine or confirm whether certain requirements are being done per a certain expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating properly. In this post, we will discuss what internal controls […]
Over the last decade, blockchain security and how it affects cybersecurity has become a hot topic among the information technology and financial circuits. But as with all technology, one must ask how safe it is to use. The most common form of blockchain implementation is known as Bitcoin. Bitcoin has since become one of many […]
As the requirement to receive SOC 1 or SOC 2 reports as part of a contract, request for proposal (RFP), or security program increases as a barrier to receiving major clients, it’s important to understand who can perform these audits. This post will identify a number of questions to answer who exactly can perform SOC […]
In simple terms, security data breaches are when a company vulnerability (technical or non-technical [i.e. employee related]) is exploited and, as a result, access to customer information or other data, applications, or networks is granted to an unauthorized individual. When a breach occurs, depending on the security framework, notification of the security breach is required. […]
A request for proposal has just come out that is in your company’s wheelhouse but instead of only requiring HIPAA, the proposal suggests that those who are HITRUST compliant either receive more consideration or may be the only proposals considered at all. What happens now? Are you prepared? Do you know what that means? It […]
Each online business application has their own set of assets that need to be protected in order for them to maintain privacy of information and maintain a positive reputation in the eye of clients or consumers. In the post, we will discuss the principles of security and privacy, define terms used to complete risk assessments, […]
Over the last year, the world saw a number of major security breaches in the news. Some notable ones include the Equifax data breach, Uber data breach, WannaCry cyber attack, and the list goes on. While each of these had its own unique security vulnerability that was exploited they all shared in at least one […]