Under the Patient Protection and Affordable Care Act (the “ACA”), health insurance marketplaces have been set up to facilitate the purchase of health insurance in each state.
About Umar Aziz (CISA, PMP)
Umar has over 15 years of experience in internal control-based audit, project management, cybersecurity consulting, attestation, and assurance services; 7 of those years were with the “Big Four” accounting firm, KPMG. He has overseen numerous SOC 1 and SOC 2 audits and other IT Compliance audits, including NIST 800-53. He has vast experience implementing comprehensive IT compliance frameworks for clients both in the public and private sectors. Umar is a certified information systems auditor (CISA) and received his Bachelor of Science degree in Business Information Technology from Virginia Tech.
Zero Trust Implementation – Guidelines & Best Practices
I’m sure you have heard the saying “trust, but verify” which has been a common theme in the audit world. The new saying for cybersecurity goes “never trust, always verify,” and that is the core of zero trust security. One of our clients was in the process of setting up a new environment for their […]
IT Audits 101: Professional Guidance From an IT Auditor
In the ever-evolving landscape of technology, organizations rely heavily on their information systems and digital infrastructure to operate efficiently and securely. However, with technological advancements come new risks and vulnerabilities. To determine the integrity, availability, and confidentiality of data, organizations turn to Information Technology (IT) audits—a systematic evaluation of their IT systems and controls. In […]
SOC 2 Audits for Small Businesses & Start-Ups: Tips for Preparedness
Is your organization growing and are your clients asking if you have specific certifications? You are not alone. Many small businesses or start-ups with incredible products or services have found themselves in the same situation. The SOC 2 compliance status of a cloud service provider or Software-as-a-Service (SaaS) company is an important factor when choosing […]
Defense in Depth: What It Is & How It Relates to SOC 2 Compliance
This article will outline a high-level overview of the concept of defense in depth, how it was applied to help a client, as well as tie in how the concept relates to the ability to meet SOC 2 requirements. To start, we would like to share a real-life scenario where defense in depth was applied […]
Robotic Process Automation (RPA) Audit Process Guide & Impacts
RPA is the automation of digital processes in which a software robot takes over the human actions in any software. The technology simplifies the build, deployment, and management of software robots that emulate human actions interacting with digital systems and software. In this article, we will outline the use of RPA and the impacts on […]