RSI Security

Rethinking Your Cybersecurity

Category: Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

  • Understanding AICPA Audits and Attestations: SSAE 16, SOC 1 vs. SOC 2, and Other Standards

    Understanding AICPA Audits and Attestations: SSAE 16, SOC 1 vs. SOC 2, and Other Standards

    Service organizations that outsource certain services must protect stakeholder information from cybersecurity risks. One of the best methods to demonstrate your ability to do so is adhering to AICPA standards and guidance (commonly assessed via SOC audits). Organizations may wonder which of the standards and assessments best suits their needs: SSAE 16 SOC 1 vs. SOC 2 or other standards? Read on to learn more about the various AICPA attestations. (more…)

  • How to Optimize Data Encryption in Healthcare

    How to Optimize Data Encryption in Healthcare

    Encrypting personal and personally identifiable information (PII) is critical for organizations in industries prone to cybersecurity threats, such as healthcare. Data encryption in healthcare is one essential part of compliance with regulatory frameworks such as HIPAA and HITRUST CSF, and it can be optimized by following some cutting-edge best practices. Read on to learn more. (more…)

  • Why Do You Need SOC 2? A Guide for SaaS Providers

    Why Do You Need SOC 2? A Guide for SaaS Providers

    Why do you need SOC 2 for providing SaaS services? SOC reports and audits can help service organizations assure clients and customers of robust, secure internal controls for managing outsourced services and associated data. Read on to learn how SOC 2 compliance can help you build trust assurance for your clients. (more…)

  • How to Meet the CCPA Requirements for Enterprise Privacy Risk Assessment?

    How to Meet the CCPA Requirements for Enterprise Privacy Risk Assessment?

    The California Consumer Protection Act (CCPA) was created to respect and protect consumer data. It ensures certain rights—like the right to opt-out of data collection programs—and it introduces numerous disclosure, privacy policy, and enterprise privacy risk assessment requirements that organizations must follow. (more…)

  • What Are the HITRUST Encryption Requirements?

    What Are the HITRUST Encryption Requirements?

    Founded in 2007, HITRUST initially provided a comprehensive framework for safeguarding protected health information (PHI) and electronic health records (EHR) in the medical industry. Since then, the HITRUST CSF has expanded to include the most widely applicable compliance requirements across numerous industries and organizational activities. Although there aren’t any specific HITRUST encryption requirements, some of the standards it includes—specifically, HIPAA—do require encryption. (more…)

  • Does Your Organization Need Privacy by Design Certification?

    Does Your Organization Need Privacy by Design Certification?

    Privacy by Design certification helps ensure acceptable privacy standards per the European Union’s (EU) General Data Protection Regulation (GDPR). Although certification is not explicitly a GDPR requirement, the concept of Privacy by Design (PbD) is. What certification achieves is one of the few up-front and tangible methods to demonstrate that protecting data subjects’ personal information is an essential consideration factored throughout systems design, service delivery, and ongoing management. Despite the GDPR’s recent publication, designing IT systems around data privacy is nothing new nor exclusive to the EU’s regulation.  (more…)

  • How to Conduct a SOC 2 Gap Assessment

    How to Conduct a SOC 2 Gap Assessment

    System and Organizations Controls (SOC) reporting comes in multiple varieties, with each kind applying to different industries or intended for different audiences. SOC 2 is primarily aimed at Software-as-a-Service (SaaS) providers and similar service organizations. Although SOC 2 compliance provides a comprehensive framework for security, data integrity, user privacy, and more, there are some issues that can only be identified with a SOC 2 gap assessment.   (more…)

  • What is the SOC 2 Certification Validity Period?

    What is the SOC 2 Certification Validity Period?

    Overseen by the American Institute of Certified Public Accountants (AICPA), SOC 2 evaluates the implementation of effective standards and controls for organizations outside the financial sector, including software-as-a-service (SaaS) providers. Since the SOC 2 certification validity period only lasts for a limited amount of time, those pursuing certification on a long-term basis will need to dedicate themselves to learning and maintaining these rules.  (more…)

  • What Can You Do After a HITRUST Assessment Failed? Top Remediation Strategies

    What Can You Do After a HITRUST Assessment Failed? Top Remediation Strategies

    With more than 20 individual processes, requirements, and standards under its umbrella, the HITRUST Alliance provides a centralized set of guidelines for professionals in the healthcare industry and beyond. Unfortunately, because it incorporates so many frameworks, many entities who take a HITRUST assessment failed their initial or secondary attempts. Thankfully, there are plenty of remediation strategies available—including retaking the test—for those who have yet to pass. (more…)

  • CCPA Email Marketing Compliance Guide

    CCPA Email Marketing Compliance Guide

    Companies that market services or products to consumers in California must comply with CCPA email marketing guidelines to protect data privacy. Essentially, the CCPA protects the rights of consumers in California regarding the collection, use, or sale of personal data. Read on to learn more about CCPA email marketing compliance.
    (more…)