Compliance

Third-Party Vendor Management Best Practices

The new SOC 1 standard, SSAE 18, became effective May 1, 2017. This standard requires that service organizations implement and describe their vendor management practices for third-party service organizations. In order to help organizations meet these updated requirements, our assessors have assembled a […]

Becoming Certified to Access the Limited Access Death Master File

What is the Limited Access Death Master File (LADMF)? The LADMF, or Limited Access Death Master File, contains sensitive information that cannot be disclosed during the three-year period following an individual’s death, including: Social Security Number, Name, Date of Birth, and Date of Death. Effective November […]

Family Affair: Using ISO 27001 to conform to ISO 27017 and ISO 27018

ISO 27000 Family – Information Security Management Systems The ISO 27000 family of standards is related to an organization’s information security management systems, or ISMS. This international standard helps organizations by providing a clear set of requirements that can be used to manage the security of the business’ assets. An ISMS is a systematic approach […]

HITRUST Updates: CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9

On March 1, 2017, HITRUST announced its roadmap for 2017, which included improvements to the HITRUST CSF and a renewed focus on smaller healthcare organizations. The roadmap focuses on combating cyber threats and information risks while advancing protection standards regarding healthcare data through CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9, and CSF Assurance Program v9. […]

New York Instates First Mandated Cybersecurity Law

Due to the increasingly significant threat of cybercrime on businesses and consumers, New York has released cybersecurity requirements for financial services companies in the state of New York. While the SEC currently mandates that organizations need to implement “reasonable safeguards to protect a client’s nonpublic information,” the new law provides more clarity for organizations to […]

Outline of Guidance for PCI DSS Scoping and Network Segmentation

To clarify scoping and network segmentation principles in PCI DSS, the PCI SSC has released additional guidance to help organizations identify which systems are considered in scope for PCI DSS assessments. This guidance was developed by industry experts and the PCI SSC Board of Advisors in order to assist organizations in […]

SOC 1 for Payroll Providers

Why are people asking my payroll company for a SOC 1 report? Payroll is one of the most commonly outsourced business functions, making SOC 1 necessary to assure clients that payments are made accurately and in a timely fashion to the necessary parties. Penalties for failing to file or pay taxes, or other fees […]

Social Engineering 101: What is Phishing and How do I Prevent It?

What is Phishing? Phishing is a series of communications sent in order to deceive individuals into providing sensitive information. Phishing can take the form of email messages, website forms, or phone calls and can be designed to elicit different kinds of information. This information can take the form of: Credit card or other financial information […]

3 Security Trends that will Continue in 2017

With the ushering in of another new year, I find myself acting nostalgic, wondering where the previous year went and of course pondering the year ahead. Here are three security and commerce trends which will continue in 2017. Healthcare Data Breach According to the Privacy Rights Clearinghouse, healthcare data breaches in 2016 comprised 290 […]

Making the Switch from SSAE 16 to SSAE 18

When service organizations receive a SOC 1 examination, it is performed under the SSAE 16 or “Statements on Standards for Attestation Engagements 16, Reporting on Controls at a Service Organization” standard. In the spring of 2016, the AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of the SSAE […]
