Sitemap

Posts by category

• Category: Auditing Standards
  • SSAE No. 21: New AICPA Engagement for ‘Direct Examination’
  • A Guide to Data Center Audits & Reports for a Variety of Industries and Specialized Requirements
  • 3 Steps to Creating a Successful Continuous Auditing Process
  • Our Commitment to You: How We’re Expanding to Better Serve Our Clients in 2019
  • Category: SSAE 18
    • Subservice Organizations & SSAE-18: The Carve Out vs. The Inclusive Method
    • Key Distinctions Between AT Section 101 And SOC 1
    • What Is Required for Your SSAE 18 Reports?
    • Attestation Matters Regarding SSAE 16 and the New Release of SSAE 18
  • Category: SSAE-16
    • The New World Created by SSAE 16
• Category: Company News
  • Coronavirus Outbreak: Keeping Auditing & Compliance on Track with Remote Working
  • Points Worth Repeating: Best Blogs of 2019 and Tips for 2020
  • Category: Remote Auditing
    • Work from Home SOC 2: Overcoming Cyberattack Challenges
• Category: Cybersecurity
  • Why Your IT Company Needs a Security Audit Partner
  • Why Small Business Security Matters for Your Large Corporation
  • The NIST Cybersecurity Framework: An Introduction to the 5 Functions
  • What You Need to Know about the CMMC 
  • 100% Remote: IT Security Assessments & Compliance Attestations
  • IT Security Challenges in Healthcare During the COVID-19 Pandemic
  • Impact of the EU Cybersecurity Act Surprises Many U.S. Businesses
  • Top 4 Types of Risk Impacting Manufacturing Companies
  • Cybersecurity: Is SOC or SOC 2 Right for Your Needs?
  • Understanding the EU Cybersecurity Act and Its Effect on Businesses
  • 12 Commonly Asked Questions About CIS Controls
  • Privacy, Cybersecurity & ISO 27001: How Are They Related?
  • The Top 4 Cybersecurity Attacks Your Business Could Face
  • The NIST CSF Update: Everything You Need to Know to Get Up to Speed
  • Prepare for the Increasingly Expanding Responsibilities of the Chief Risk Officer
  • The Most In-Demand Certifications for IT Professionals
  • Learn the Key Differences Between Vulnerability Scans and Penetration Tests
  • Changes are on the Horizon for Your Encryption Protocols: Are You Ready?
  • Would My Organization Benefit from the Utilization of a Third-Party Managed Security Service Provider?
  • Compliance and Security Naturally Work Together in Harmony for Your Business
  • A Closer Look at SOC for Cybersecurity for a Better Understanding
  • Brushing Up Your Cybersecurity in 2018: How the Landscape Has Changed
  • The Top 5 Cybersecurity Challenges Facing Financial Service Institutions
  • Security Surprise: Enforcing Regular Password Changes Puts Your Organization at Risk
  • Outsourcing IT Security vs. Hiring an In-House Specialist
  • A Cybersecurity Checklist that will Get You Into the Holiday Spirit
  • Reap the Benefits of SOC for Cybersecurity Assessment for Your Organization
  • COSO’s 2013 Framework- A New Standard for Internal Control
  • Category: Cloud Security
    • Cybersecurity Post-Pandemic: Protecting Health Data from Rising Threats
    • Preventing Healthcare Data Breaches with the HITRUST CSF®
    • Security for Healthcare Organizations in the Cloud with HITRUST® Assurance
    • What You Need to Know About SOC 2 for Cloud Security
    • Webinar: “Overview of Cloud Basics”
    • Coming Soon: A Single Track to EU Cybersecurity Certification in the Cloud
    • Pandemic Increases Urgency for Moving to the Cloud
    • CSA Cloud Controls Matrix: Why It Is Important When Working With The Cloud
    • What is the CLOUD Act and Can It Impact Your Business?
    • Top 4 Most Trusted, HIPAA-Compliant Cloud Storage Services [Updated for 2018]
    • Keep Your Data Safe with the Right Audit for Your Cloud Service Provider
    • Cloud Service Provider Compliance and Its Importance to Your Business
    • Internal Control Audit of A Cloud Infrastructure
  • Category: Cybersecurity Training
  • Category: Data Mining
    • Explore the Process of Data Mining to Discover the Best Techniques
    • Generating Value from Big Data Analytics
  • Category: Data Security
    • Will the U.S. Adopt a Nationwide Data Privacy Law Similar to GDPR?
    • University Network Security Is Now More Important Than Ever
    • States Are Leading Efforts to Improve U.S. Data Privacy
    • Do You Do Business in Nevada? Here’s What You Need to Know About Security
    • The Massachusetts Data Protection Act: Tightening Up Individual State Data Privacy Laws
    • What Is the FTC Red Flags Rule and Who Must Comply?
    • Try These 5 Steps to Complete a More In-Depth Threat Assessment
    • The Top 5 Factors to Consider When Using Big Data Technology
    • 6 Tips to Segment a Network to Better Protect Your System
    • Choose the Right Penetration Testing: Black Box vs. White Box
    • Need-to-Know Details About Virtual CISOs
    • 5 Key Steps to Developing a Solid Data Retention Policy
    • What Does a GDPR Data Protection Officer Do: Do You Need One?
    • How to Create An 8-Point Office IT Security Checklist
    • The Top 5 Workplace Privacy Myths That Employees Must Stop Believing
    • Why Healthcare Security Is A Must
    • The Future of Cybersecurity Regulations: March 1, 2017 New York DFS Changes
    • The WannaCry Ransomware String of Attacks: What Is the Story?
    • A Solid ERM Strategy Can Help Your Organization Achieve Effective Risk Management Control
    • The Top 5 Data Breaches of 2016
    • Vigilance Is the Key to Keeping Your Data Secure in 2017
    • As the Mobile World Continues to Grow, So Should Your Data Security Efforts
    • Personally Identifiable Information: What You Should Know and Do About Protecting It
    • Data Security for Your Mobile Device
  • Category: Network Security
    • 6 Questions to Consider Before Launching Your Next Penetration Test
    • Build a Comprehensive Network Security Checklist for Your Organization
    • Guard Your Company’s Computing System from Ransomware
    • What are Webtrust and Systrust?
    • COBIT & Val IT – How These Frameworks Help Your Business
    • How Often Should You Have Your Database Updated?
    • 5 Most Common Vulnerabilities in Your Organization’s Computing System
    • Safeguard Company Data: 7 Vital Tips to Increase Password Protection
    • Penetration Testing for Web Applications
    • The 5 Top Data Breaches of 2015
    • How to Respond to a Data Breach
    • Preparing for Cybersecurity in 2016
    • New Year’s Resolutions for Better Data Security in 2016
    • Are USB Drives Undermining Your Network Security?
    • Penetration Tests and Vulnerability Assessments: Two Different Methods of Fortifying Your Network
  • Category: NIST Assessments
    • Tips for Preparing Your Next NIST Risk Assessment
    • About NIST SP 800-53 | What You Need to Know to Maintain Compliance
  • Category: Penetration Testing
  • Category: VCISO
• Category: Healthcare Compliance and Risk Mitigation
  • Make Sure Your Team Is Meeting Compliance Controls & Processes
  • How Can The COSO Framework Improve Your Organization’s Internal Controls
  • 10 Security Essentials Your CIO Needs to Know for Peace of Mind
  • IRS-1075 Compliance Tips for Your Organization
  • Understanding MARS-E Compliance: Health Insurance Exchanges Security
  • SSAE 18 Audits Allow Customers to Trust a Payroll Company’s Services
  • Is Joint Commission Accreditation Right for your Healthcare Brand?
  • How Do Internal Audits Work?
  • The Five Types of Testing Methods Used During Audit Procedures
  • Auditing Exceptions and How They Might Impact Your SOC Reports
  • 11 Common Questions About SOC 2 Auditing and Reporting
  • Establish an Effective Internal Control Environment That Reflects Your Organization’s Values
  • The Continuing Expansion of the Insurance Compliance Officer Role
  • Privacy vs. Confidentiality in a SOC 2: Do You Know the Differences?
  • How to Best Communicate Your Security and Compliance Requirements to Potential Business Clients & Partners
  • The Evolving Role of SOC Reports: Anticipating the Development of SOC for Vendor Supply Chains
  • 3 Key Steps for Creating a Unified Control Framework to Simplify Compliance
  • Ethics Versus Compliance: Drawing a Distinction Between These Two Professions
  • 2017 CPA Exam: Changes to Skill and Content Specifications
  • Fine Tune Your Compliance By Better Understanding Model Audit Rule Requirements
  • Implement a Few Simple Tips To Ensure Solid Year End Compliance
  • What Upcoming Regulatory Challenges May Your Organization Face?
  • Are You Still Compliant with TSP Section 100?
  • Identifying Common Compliance Misconceptions
  • Prevent Internal Fraud With Awareness and a Solid Strategy
  • Compliance Issues That Your Insurance Company Should Know
  • SOC 2 vs. ISO 27001 & 27002: Which is Right for your Company?
  • Category: Agreed Upon Procedures
    • Agreed-Upon Procedures vs. SOC 2 Audits: Which One Do You Need?
  • Category: California Consumer Privacy Act
    • A Comparison of GDPR and CCPA
    • California Consumer Privacy Act: What You Need to Know About This New Legislation
  • Category: Disaster Recovery
    • Disaster Recovery Terms Glossary
    • Everything You Need for Your Next Disaster Recovery Audit
    • Who Is an Internal Auditor and How Is the Role Crucial to Disaster Recovery?
    • Determine How Often You Need to Review and Update Your Disaster Recovery Plan
    • What a Business Continuity Plan Is and Why You Need One Right Away
    • How to Reduce Risk When Working with Healthcare Business Associates
    • Disaster Preparedness and Recovery for Small Businesses
  • Category: Enterprise Risk Management
    • Build a Risk Management Program with the HITRUST CSF®
    • Green Power Pass (GPP): The Benefits of Renewable Energy Certification
    • IT Incident Response Plan: Key Steps to Implement
    • Business Leaders’ Top Concerns as Enterprise Risk Rises in 2020
    • Risk Management, Risk Assessment or Risk Analysis: What Do You Need to Keep Risk in Check?
    • Keep Tabs on the Future of Financial Risk Management
    • Enterprise Risk Management [Part III]: 5 Examples of Positive Risk
    • Enterprise Risk Management [Part II]: What is a Risk Assessment Matrix?
    • Enterprise Risk Management [Part I]: A Primer on the Basics of Third-Party Risk Management
    • Internal Auditor’s Expanding Role in Enterprise Risk Management
  • Category: FISMA
    • Guidelines for Developing your Data Retention Policy
    • Are You Confident That Your Organization Is FISMA Compliant?
  • Category: GDPR
    • The Key Differences Between PCI and GDPR
    • Our Takeaways from the Extension to ISO/IEC 27701:2019 – Will ISO 27701 Be the New GDPR Certification Standard?
    • GDPR One Year Later: What Impact Has It Made?
    • Achieve & Maintain Peak GDPR Compliance with These 5 Technology Solutions
    • 4 Ways to Use PCI DSS to Achieve GDPR Compliance
    • Taking a Closer Look at the Role of Your CISO for GDPR
    • Dos and Don’ts of GDPR Compliance
    • U.S. Companies Need to Gear Up for GDPR Compliance: 5 Ways To Prepare
    • Why Multinational Companies Need to Care About GDPR Compliance
  • Category: GLBA
    • Essential Guide to GLBA Compliance & Audits
    • Learn About the Types of Institutions That Benefit from a Successful GLBA Audit
    • 4 Tips for Consistently and Confidently Meeting GLBA Compliance Requirements
    • How to Avoid Common GLBA Compliance Mistakes
    • Learn More About the GLBA Risk Assessment Matrix
    • Protect Your Financial Organization’s Private Data By Ensuring GLBA Compliance
  • Category: HIPAA/HITECH
    • HITRUST® Guidelines for Setting HIPAA-Compliant Passwords
    • HIPAA vs. HITRUST: What are the Differences?
    • HIPAA-Compliant Telehealth: Avoiding HIPAA Violations During A Pandemic
    • Should HIPAA Audit Logs be Kept for 6 Years?
    • What Is the Direct Liability of Business Associates Under HIPAA Rules?
    • HIPAA Privacy Rule vs. Security Rule
    • What Is in a HIPAA Risk Analysis & Tips for How to Pass Your HIPAA Audit?
    • What Is the HIPAA Privacy Law and What Does It Mean to Your Organization?
    • Understanding the HIPAA Security Rule and Its Compliance
    • The Importance of Disaster Recovery for Healthcare Organizations and HIPAA Compliance
    • Which Matters More: HIPAA or State Law?
    • Three Effective Ways to Prove HIPAA Compliance
    • What Do We Mean by “Protected Health Information”?
    • The 4 Most Common Compliance Risks and How to Avoid Them
    • Common HIPAA Violations and How to Avoid Them
    • Does HIPAA Certification Guarantee HIPAA Compliance?
    • HIPAA Compliance & Cell Phones: Staying Compliant While Staying Connected
    • PCI DSS Compliance vs. HIPAA Compliance: Key Similarities and Differences You Should Know
    • HIPAA and PCI Compliance: The Overlap and Distinctions
    • 7 Essential Questions to Ask Your HIPAA Hosting Provider
    • What Your CISO Needs to Know About HIPAA
    • Tracking Compliance Through Phase 2 HIPAA Audit Programs
    • Your HIPAA Compliance Checklist
    • Finding Your Way in the New World of HIPAA/HITECH
  • Category: HITRUST
    • The Cost of HITRUST® Certification: Why It’s Worth It
    • Quiz: Is HITRUST CSF the Right Choice for Your Organization?
    • Quickly Evaluate Third-Party Business Partners with HITRUST® Risk Triage
    • Time to Talk to Your Business Associates About HITRUST CSF Certification?
    • Combining HITRUST® and SOC 2 Makes Compliance More Efficient
    • How the HITRUST PRISMA Model Delivers ‘Rely-Ability’
    • HITRUST Maturity is the Strongest Defense Against Data Breaches
    • How the HITRUST CSF is Expanding Beyond Healthcare in 2020
    • What Is the HITRUST CSF? Learn How to Protect Data Security
    • How to Get HITRUST Certification in 4 Clear Steps
    • What Is a HITRUST® Interim Assessment?
    • HITRUST® Scope: Factors to Determine HITRUST Engagement
    • How HITRUST Validated and Readiness Assessments Are Scored
    • HITRUST Glossary of Terms within the Phases of HITRUST
    • What Does It Mean to Be HITRUST CSF Certified?
    • Overview of the HITRUST Quality Assurance Review Process
    • Overview of the HITRUST CSF Validated Assessment
    • HITRUST CSF Assessment Preparation Guide
    • The Power of Gap Analysis & Remediation for HITRUST CSF Certification
    • Overview of the HITRUST CSF Readiness Assessment
    • Streamline Your SOC Audit Using HITRUST CSF Built-In Control Categories
    • The HITRUST RightStart Program: An Accelerated Path to Compliance for Startups
    • Benefits of Having a CPA Firm Perform your HITRUST CSF Assessment
    • HITRUST Shared Responsibility™ Program: Understanding CSP Security Control Coverage
    • What to Know About the New HITRUST CSF v9.3: Effective January 1, 2020
    • HITRUST CSF 90-Day Rules: Maturation and Assessment Period Review
    • I.S. Partners, LLC Obtains Approval as HITRUST CSF Assessor
  • Category: Internal Audit
    • Internal Control: 5 Key Principles of COSO Framework
    • How Often Are Internal Audits Needed for Your Organization
    • How to Choose an Internal Auditor
    • Top 5 Benefits of an Internal Audit for Your Company
    • Outsourced and Co-sourced Internal Audits: Which One Is Right for Your Organization?
    • Why Organizational Readiness Assessments are Important
    • Gap Analysis vs. Internal Audit: Which Evaluation Process Do You Need?
    • Differences Between Risk Assessment vs. Internal Audit
    • Learn More About Your Internal Auditor and 5 Things They Need for an Internal Audit
    • Learn What Attestation, Assurance and Auditing Means in the CPA Industry
    • Learn the ABCs of CISA
    • Top Benefits Associated with Internal Audit Co-Sourcing
    • Benefits of Using a Third Party Service for Medical Claims Audits
    • Internal Audit: The Benefits of Inviting Outside Eyes In
  • Category: ISO
    • Why Is ISO Certification More Popular Among U.S. Businesses?
    • Valuable Advantages of Getting ISO 27001 Certified
    • The Advantages of ISO 50001 Certification & Upcoming Changes
    • ISO Audit Preparation: Get Ready for a Successful ISO Assessment
    • The Difference Between ISO Compliance, Certification & Accreditation in Management Systems
    • Understanding Compliance – ISO 27001 and ISO 27002
    • A Practical Approach to Asset Inventory for ISO 27001
    • Implementing NIST Cyber Security Framework Using ISO 27001 Is an Organic Process
    • What You Need to Know about ISO 27001 Changes Between 2013 and 2017
    • 6 Steps to Help You Develop Your ISO 27001 Statement of Applicability
    • Implementing an Information Security Management System That’s ISO 27001-Compliant
    • A Commonsense Guide to the ISO 2700 Family of Standards
    • Optimize Your Organization’s Information Security Management System
    • Latest ISO 27001 Standards
  • Category: MAR/SOX
    • 5 Tips to Keep IT Professionals De-Stressed During SOX Compliance Preparation
    • Explore 5 Lesser Known SOX Rules and Requirements
    • A Detailed Overview of Optimal SOX Compliance for Your Organization
  • Category: NERC
    • The NERC CIP Standards: An Overview to Foster Compliance
    • NERC CIP and the Importance of Consistent Compliance
  • Category: PCI-DSS
    • How to Choose the Right PCI-Compliance Approved Scanning Vendor
    • A Guide to Keeping Phone Orders PCI Compliant
    • PCI DSS SAQ Types: Which Type Is Right for Your Business?
    • PCI DSS 4.0: What Changes Can We Expect?
    • Why Small Businesses Need the Data Security Essentials (DSE) Toolkit
    • Don’t Think You Need PCI Compliance Documentation? Think Again!
    • New Changes for PCI DSS and PA DSS Expected in 2021
    • How to Keep Employees and Your Organization PCI Compliant
    • Is Your Server PCI Compliant?
    • Changes Are on the Horizon from PCI SSC: Phasing Out PA-DSS v3.2 in 2022
    • Utilizing the effectiveness of PCI DSS and NIST
    • Facts and Misconceptions About PCI-DSS and PCI-DSS v3.2.1
    • Alleviate Audit Anxiety with A Glossary Of PCI Terms
    • What is a PCI ROC and Why Do You Need One?
    • PCI Non Compliance Fines & Consequences
    • PCI DSS Version 3.2.1: What Do You Need to Know About the January 1, 2019 Update?
    • PCI Compliance vs. PCI Certification
    • 5 Myths and Misconceptions about PCI Compliance
    • Do You Know Your PCI Compliance Level?
    • An Important Question in Online Payments: Is PayPal PCI DSS Compliant?
    • 5 Ways to Reduce Your PCI Scope to Streamline Efforts and Costs
    • How to Prepare for and Ace Your Upcoming PCI Audit
    • Experts Tips on How to Select a PCI-Compliant Service Provider
    • The PCI DSS v3.2 Update and Penetration Testing: What You Need to Know
    • Get Ready for the PCI DSS Version 3.2 Self-Assessment Questionnaires
    • Prepare for the 2018 PCI DSS 3.2 Changes: A Compliance Resource
    • The Latest Network Segmentation Guidance and How It Might Affect Your PCI DSS Scope
    • PCI Security Standards Council Releases Best Practices for Securing E-Commerce
    • Is Your Web Developer or Hosting Company Liable if Your Website is Not PCI Compliant?
    • Getting Your Organization in Line with PCI V3.2 Updates
    • The Web Developers’ Guide to PCI DSS Compliance
    • Top 4 PCI Audit Tips for Collection Companies
    • The Newest PCI SSC Updates
    • I.S. Partners, LLC Certified as a Qualified Security Assessor to Perform PCI-DSS
  • Category: Third-Party Risk Management
    • 6 Ways to Jump-start Your Third-Party Risk Management Program
• Category: SOC Compliance
  • An Overview of Complementary User Entity Controls
  • Who Is Certified to Complete a SOC Audit?
  • Try These Tips to Improve Your Reading and Understanding of SOC 1 and SOC 2 Reports
  • Category: SOC 1
    • A Checklist to Find the Right SOC 1 Audit Provider
    • How To Prepare for a SOC Audit
    • 9 Steps to Prepare for a Smooth and Effective SOC 1 Audit
    • Tips for Reading and Interpreting a SOC Report with Confidence
    • SOC 1 and SOC 2 Reports – Do You Know The Difference?
    • 5 Reasons Data Centers Need a SOC 1 Audit Report
    • Prepare A Complete and Effective Written Assertion for Your Upcoming SOC 1 Audit
    • How to Write a Strong System Description for SOC 1
    • The Best SOC 1 Reporting Approach for Subservice Organizations and Vendors
    • How to Reduce Your E&O Insurance Premium with a SOC Audit
    • Understand the Difference Between SOC 1 Type 1 & 2 Reports
    • SSAE 16 Checklist
  • Category: SOC 2
    • SOC 2 Audits: What They Are & How to Stay Compliant
    • 4 Critical Practices for SOC 2 Security Compliance
    • Are Pen Tests & Vulnerability Scans Needed for SOC 2 Report Compliance?
    • Building a Strong SOC 2 Team
    • Our Guideline of a SOC 2 Timeline: Know What to Expect
    • A No-Nonsense Guide to SOC 2 Data Classification
    • SOC 2 Readiness Testing Is an Invaluable Tool for Service Organizations
    • What Do SOC 2 Reports Mean to Managed Service Providers?
    • Getting Up to Speed with Trust Services Criteria Updates and Additions
    • Simple Ways to Determine When to Include Processing Integrity into Your SOC 2 Audit
    • 3 Need-To-Know Details About the SOC 2 Audit and AT Section 101
  • Category: SOC 3
    • When Should You Consider a SOC 3 Audit?
  • Category: SOC for Supply Chain
    • Anticipating SOC for Supply Chain: Creating a Sophisticated Supply Chain can Reduce Risk