Our firm has been a HITRUST External Assessor Organization since 2017, and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the most […]

Although Artificial Intelligence (AI) has been around since the late 1950s, it has been out of the public’s attention. It wasn’t until late 2022 when Open AI released ChatGPT for public use that AI captured the public’s attention and renewed interest in the technology. Bloomberg predicts the AI market to explode from a $40 billion […]

One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]

In today’s ever-changing digital landscape, cybersecurity is of utmost importance. As technology progresses, so does the creativity of cybercriminals. With programs like ChatGPT, people are beginning to wonder what role AI plays in cybersecurity, the threat AI poses to their IT infrastructure, and how they can stay ahead of the risk. Shall We Play A […]

In today’s fast-paced business environment, organizations face numerous risks and uncertainties that can disrupt their normal operations. What do you do and how do you respond when a disaster hits that causes a disruption or outage of your services? From natural disasters to cyberattacks, these unforeseen events can have devastating consequences on business operations and […]

After months of preparation, your organization successfully navigated a HITRUST-validated assessment and achieved HITRUST certification – but what comes next? This article will focus on some general practices and techniques that will allow your organization to continually improve the information security posture of the organization in an effort to maintain a state of readiness to […]

In the ever-evolving landscape of technology, organizations rely heavily on their information systems and digital infrastructure to operate efficiently and securely. However, with technological advancements come new risks and vulnerabilities. To determine the integrity, availability, and confidentiality of data, organizations turn to Information Technology (IT) audits—a systematic evaluation of their IT systems and controls. In […]

In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your sensitive private data such as your personally identifiable information (PII) and your electronic protected health information […]

Software supply chain attacks increased by 650% during 2021.  In addition, Gartner® predicts that by 2025 “45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.” The need for users to understand supply chain processes and the controls that exist to minimize risks around supply chain activities […]

Many of our clients and prospects get asked for a “SOC report” from their clients or customers without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and […]