IT Audit & Compliance Blog

Any organization that has completed a HITRUST assessment knows they represent a significant amount of effort and a significant commitment to compliance and certification. While many HITRUST levels of certification are only good for one year, HITRUST’s r2 certification is good for two years, but…the HITRUST r2 certification requires an ‘interim’ assessment every other year […]

Auditors performing financial statement audits are already aware of the Public Company Accounting Oversight Board (PCAOB) auditing standard AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion effective for audits of fiscal years ending on or after December 15, 2017. Within this standard are the requirements […]

Disaster recovery plans and business continuity plans are unique to each and every company. In this article, we will walk through the purpose of these documents, their similarities and differences, the relevant controls, and common scenarios for disaster recovery. What Is the Purpose of a DRP? How Is It Different Than a BCP, BIA, & […]

What is HITRUST Certification? Founded in 2007, HITRUST issues certifications to businesses and organizations that are independently assessed for compliance with its Common Security Framework (CSF). An organization can obtain HITRUST certification when all the required controls are fully implemented within the scoped environment. The HITRUST CSF is designed for use by a variety of […]

Our firm has been a HITRUST External Assessor Organization since 2017, and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the most […]

Although Artificial Intelligence (AI) has been around since the late 1950s, it has been out of the public’s attention. It wasn’t until late 2022 when Open AI released ChatGPT for public use that AI captured the public’s attention and renewed interest in the technology. Bloomberg predicts the AI market to explode from a $40 billion […]

Within this blog post, we will discuss the importance of knowing how to read an information security standard ISO certificate received from an ISO-certified entity. The knowledge gained from this blog will assist readers in determining that the certificates they obtain are valid. Receipt of a valid ISO certification certificate from a vendor or subservice […]

One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]

Data classification is the underlying focal point of many compliance standards and requirements. Identifying, categorizing, and maintaining data protection can help achieve compliance requirements, reduce legal risk, prioritize the implementation of security controls, and in turn effectively allocate resources. What Is Data Classification & Why Is it Important? Knowing what data your organization collects, uses, […]

In today’s fast-paced business environment, organizations face numerous risks and uncertainties that can disrupt their normal operations. What do you do and how do you respond when a disaster hits that causes a disruption or outage of your services? From natural disasters to cyberattacks, these unforeseen events can have devastating consequences on business operations and […]