Service organizations vary widely in nature, but all need to assure their clients’ trust. One significant hurdle to that effect is securing the networks upon which you and your customers rely. A SOC 2 audit, using the American Institute of Certified Public Accounts (AICPA) Trust Services Criteria (TSC), goes a long way toward earning that trust. Implementing network security monitoring solutions and techniques help ensure a successful SOC 2 audit report and optimize your cyberdefenses more broadly. (more…)
Category: Compliance Standards
Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.
-
The HITRUST Cybersecurity Framework Assessment Methodology
One of the most comprehensive cybersecurity frameworks companies can implement is the HITRUST Alliance’s CSF. Full certification has many benefits, including streamlined compliance across other regulations and optimal security. Conducting a HITRUST Readiness Assessment, internally or with professional help, is one of the best ways to prepare for full implementation. (more…)
-
A Comprehensive Guide to PCI DSS Audit Procedures
Compliance with the Payment Card Industry’s (PCI) Data Security Standards (DSS) requires annual reporting. This annual compliance reporting involves extensive PCI DSS audit procedures for organizations that handle the highest transaction volumes. The audit procedures are conducted during the completion of an on-site assessment known as a Report on Compliance (ROC). (more…)
-
What is the HITRUST De-Identification Framework?
The HITRUST Alliance is a trusted cybersecurity institution that develops frameworks to help organizations optimize their cybersecurity programs, often with the help of a managed security services provider (MSSP). One of the most useful guidance documents HITRUST publishes is the HITRUST De-Identification Framework, which standardizes practices that apply primarily to healthcare institutions but are easily adaptable and scalable to organizations in any industry. (more…)
-
What is the GDPR Data Breach Reporting Time?
Companies interacting with European Union (EU) member states need to protect individual citizens’ data per the General Data Protection Regulation (GDPR). The GDPR breaks down specific rights for data subjects and the responsibilities that the entities processing or controlling their data must meet. If a data breach occurs, organizations must comply with GDPR notification requirements. (more…)
-
Safeguarding Covered Defense Information and Cyber Incident Reporting
If your company is a supplier or contractor with the US Department of Defense (DoD), it has to comply with several regulations to ensure the safety of US citizens, domestic and abroad. The most comprehensive is the Defense Federal Acquisition Regulation Supplement (DFARS). It specifies the requirements pertaining to covered defense information (CDI), including ways to safeguard it and report on any cyber incidents that could compromise it. (more…)
-
DoD CUI Categories to Protect for NIST and DFARS Compliance
Organizations seeking contracts with the Department of Defense (DoD) need to comply with the Defense Federal Acquisition Register Supplement (DFARS). (more…)
-
How to Complete a PCI Attestation of Compliance
Per a study from TSYS, 80 percent of US consumers prefer credit or debit card payments over cash and other options. So, if your organization doesn’t process card payments, you potentially inconvenience four out of five prospective customers—which, at scale, isn’t beneficial. (more…)
-
How to Conduct a PCI Gap Assessment
Is your organization ready to comply with the Payment Card Industry (PCI) Data Security Standard (DSS) framework? If you process or store credit card data, you’ll need to be. (more…)
-
Basic Risk Analysis Strategy in Healthcare
Conducting a risk analysis is one of the initial steps healthcare entities must complete for HIPAA Security Rule compliance. The Security Rule was published by the U.S. Department of Health and Human Services (HHS) and establishes national standards for protecting electronic protected health information (ePHI). (more…)