Within this blog post, we will discuss the importance of knowing how to read an information security standard ISO certificate received from an ISO-certified entity. The knowledge gained from this blog will assist readers in determining that the certificates they obtain are valid. Receipt of a valid ISO certification certificate from a vendor or subservice […]

One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]

Data classification is the underlying focal point of many compliance standards and requirements. Identifying, categorizing, and maintaining data protection can help achieve compliance requirements, reduce legal risk, prioritize the implementation of security controls, and in turn effectively allocate resources. What Is Data Classification & Why Is it Important? Knowing what data your organization collects, uses, […]

In today’s fast-paced business environment, organizations face numerous risks and uncertainties that can disrupt their normal operations. What do you do and how do you respond when a disaster hits that causes a disruption or outage of your services? From natural disasters to cyberattacks, these unforeseen events can have devastating consequences on business operations and […]

Type II SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a […]

After months of preparation, your organization successfully navigated a HITRUST-validated assessment and achieved HITRUST certification – but what comes next? This article will focus on some general practices and techniques that will allow your organization to continually improve the information security posture of the organization in an effort to maintain a state of readiness to […]

It is a misconception that the job of an auditor can be summed up to individuals that examine financial records with the goal of forming an opinion about the fairness of information presented within a company’s financial statements

When preparing for a SOC 1 or SOC 2 examination, service organizations, particularly those who elect to report their subservice organizations using the carve-out method, often conclude that anything related to their subservice organizations is out of scope for their own SOC report.  However, that is not the case. This blog will discuss the requirements […]

With the frequent personnel changes that many companies are experiencing right now, it’s important to consider how turnover affects companies’ compliance efforts. Almost every company is required to comply with some type of law, rule, regulation, or reporting standard.  This blog post will provide some ideas for helping to provide sufficient compliance training as part […]

With the rise of organizations providing artificial intelligence (AI) or machine learning (ML) tools and services, one has to wonder about the risks associated with those services and the security, at the very least, of the data used for and created as a result of the AI and ML services. Data considerations include the makeup […]