Pages

• About
  • Careers
    • Staff Auditor
• Blog Feed
• Compliance
  • Agreed-Upon Procedures
  • California Consumer Privacy Act
  • Compliance Checker
  • Disaster Recovery
  • Enterprise Risk Management
  • GDPR Compliance
  • GLBA Compliance
  • Internal Audit Outsourcing
  • Internal Audits
  • MAR/SOX Compliance
  • NERC CIP
  • Third-Party Risk Assessments
• Contact Us
• Cookie Policy
• Endorsements
• HITRUST
• IS Partners Seals of Excellence
• IT Assurance
  • Data Mining
  • Database Security
  • FISMA
  • HIPAA-HITECH
  • ISO 27001
  • NIST 800-171 Assessments
  • PCI DSS
  • Penetration Testing
  • Virtual CISO
• Partnerships
• PCI DSS Assessment
• Privacy
• Request a Quote
• Sitemap
• SOC Audits
  • SOC 1 Services
  • SOC 2 Services
  • SOC 3 Services
  • SOC for Cybersecurity
  • SOC for Vendor Supply Chain
• Terms of Service
• Resources

Posts by category

• Category: Auditing Standards
  • 3 Steps to Creating a Successful Continuous Auditing Process
  • Subservice Organizations & SSAE-18: The Carve Out vs. The Inclusive Method
  • Our Commitment to You: How We’re Expanding to Better Serve Our Clients in 2019
  • Category: SSAE 18
    • Key Distinctions Between AT Section 101 And SOC 1
    • What Is Required for Your SSAE 18 Reports?
  • Category: SSAE-16
    • Attestation Matters Regarding SSAE 16 and the New Release of SSAE 18
    • The New World Created by SSAE 16
    • SSAE 16 Checklist
• Category: Company News
• Category: Compliance
  • IRS-1075 Compliance Tips for Your Organization
  • Do You Do Business in Nevada? Here’s What You Need to Know About Security
  • Understanding MARS-E Compliance: Health Insurance Exchanges Security
  • Is Joint Commission Accreditation Right for your Healthcare Brand?
  • SSAE 18 Audits Allow Customers to Trust a Payroll Company’s Services
  • How Do Internal Audits Work?
  • The Five Types of Testing Methods Used During Audit Procedures
  • Auditing Exceptions and How They Might Impact Your SOC Reports
  • Three Effective Ways to Prove HIPAA Compliance
  • Which Matters More: HIPAA or State Law?
  • Achieve & Maintain Peak GDPR Compliance with These 5 Technology Solutions
  • A Practical Approach to Asset Inventory for ISO 27001
  • Implementing NIST Cyber Security Framework Using ISO 27001 Is an Organic Process
  • PCI DSS Version 3.2.1: What Do You Need to Know About the January 1, 2019 Update?
  • What You Need to Know about ISO 27001 Changes Between 2013 and 2017
  • The 4 Most Common Compliance Risks and How to Avoid Them
  • ISO 27001 vs ISO 27002: Which Standard Is Best for Your Organization?
  • Four Good Reasons to Get ISO 27001 Certified
  • Becoming ISO 27001 Certified: What Do Organizations Need to Do?
  • 11 Common Questions About SOC 2 Auditing and Reporting
  • Establish an Effective Internal Control Environment That Reflects Your Organization’s Values
  • Top 4 Most Trusted, HIPAA-Compliant Cloud Storage Services [Updated for 2018]
  • The Continuing Expansion of the Insurance Compliance Officer Role
  • The NERC CIP Standards: An Overview to Foster Compliance
  • SOC 2 Audits: What They Are and How to Stay Compliant, Part 1 of 2
  • PCI Compliance vs. PCI Certification
  • Does HIPAA Certification Guarantee HIPAA Compliance?
  • HIPAA Compliance & Cell Phones: Staying Compliant While Staying Connected
  • Privacy vs. Confidentiality in a SOC 2: Do You Know the Differences?
  • 5 Myths and Misconceptions about PCI Compliance
  • A Guide to Keeping Phone Orders PCI Compliant
  • 4 Ways to Use PCI DSS to Achieve GDPR Compliance
  • PCI DSS Compliance vs. HIPAA Compliance: Key Similarities and Differences You Should Know
  • How to Best Communicate Your Security and Compliance Requirements to Potential Business Clients & Partners
  • The Evolving Role of SOC Reports: Anticipating the Development of SOC for Vendor Supply Chains
  • 3 Key Steps for Creating a Unified Control Framework to Simplify Compliance
  • Compliance and Security Naturally Work Together in Harmony for Your Business
  • Do the Two Key Modifications to HITRUST CSF v9.1 Affect Your Business?
  • A Detailed Overview of Optimal SOX Compliance for Your Organization
  • Why Small Business Security Matters for Your Large Corporation
  • How to Prepare for and Ace Your Upcoming PCI Audit
  • Ethics Versus Compliance: Drawing a Distinction Between These Two Professions
  • Optimize Your Organization’s Information Security Management System
  • 2017 CPA Exam: Changes to Skill and Content Specifications
  • Fine Tune Your Compliance By Better Understanding Model Audit Rule Requirements
  • Implement a Few Simple Tips To Ensure Solid Year End Compliance
  • How Can The COSO Framework Improve Your Organization’s Internal Controls
  • Are You Confident That Your Organization Is FISMA Compliant?
  • What Upcoming Regulatory Challenges May Your Organization Face?
  • Are You Still Compliant with TSP Section 100?
  • Identifying Common Compliance Misconceptions
  • Prevent Internal Fraud With Awareness and a Solid Strategy
  • Compliance Issues That Your Insurance Company Should Know
  • Is Your Web Developer or Hosting Company Liable if Your Website is Not PCI Compliant?
  • Cloud Service Provider Compliance and Its Importance to Your Business
  • SOC 2 vs. ISO 27001 & 27002: Which is Right for your Company?
  • COSO’s 2013 Framework- A New Standard for Internal Control
  • Category: Agreed Upon Procedures
    • Agreed-Upon Procedures vs. SOC 2 Audits: Which One Do You Need?
  • Category: California Consumer Privacy Act
    • A Comparison of GDPR and CCPA
    • California Consumer Privacy Act: What You Need to Know About This New Legislation
  • Category: FISMA
    • Standards for Developing your Data Retention Policy
  • Category: GDPR
    • Taking a Closer Look at the Role of Your CISO for GDPR
    • Dos and Don’ts of GDPR Compliance
    • U.S. Companies Need to Gear Up for GDPR Compliance: 5 Ways To Prepare
    • Why Multinational Companies Need to Care About GDPR Compliance
  • Category: GLBA
    • Keys to A Successful GLBA Compliance Audit
    • How to Avoid Common GLBA Compliance Mistakes
    • Learn About the Types of Institutions That Benefit from a Successful GLBA Audit
    • Learn More About the GLBA Risk Assessment Matrix
    • Protect Your Financial Organization’s Private Data By Ensuring GLBA Compliance
  • Category: HIPAA/HITECH
    • What Do We Mean by “Protected Health Information”?
    • Common HIPAA Violations and How to Avoid Them
    • HIPAA and PCI Compliance: The Overlap and Distinctions
    • 7 Essential Questions to Ask Your HIPAA Hosting Provider
    • What Your CISO Needs to Know About HIPAA
    • HIPAA vs. HITRUST: Which One Will Best Protect Your Organization’s Healthcare Data?
    • Tracking Compliance Through Phase 2 HIPAA Audit Programs
    • Your HIPAA Compliance Checklist
    • The HITRUST and SOC 2 Alignment Improves Efficiency
    • Finding Your Way in the New World of HIPAA/HITECH
  • Category: HITRUST
    • Factors to Determine the Scope of HITRUST Engagement for Certification
    • HITRUST CSF Further Expands with the V9.2 Update
    • How to Streamline Your SOC Audit: Use HITRUST CSF™ Built-In Control Categories
    • What HITRUST Version 8 Means for Your Business
    • Benefits of Having a CPA Firm Perform your HITRUST CSF Assessment
    • Prepare for Your Organization’s Upcoming HITRUST Assessment With Confidence
    • All the Basics of HITRUST CSF Requirements to Protect Data and Stay Compliant
    • I.S. Partners, LLC Obtains Approval as HITRUST CSF Assessor
    • What is the HITRUST CSF and How Can It Help Prevent Healthcare Data Breaches?
  • Category: ISO
    • 6 Steps to Help You Develop Your ISO 27001 Statement of Applicability
    • Implementing an Information Security Management System That’s ISO 27001-Compliant
    • A Commonsense Guide to the ISO 2700 Family of Standards
    • Understanding Compliance – ISO 27001 and ISO 27002
    • Latest ISO 27001 Standards
  • Category: MAR/SOX
    • 5 Tips to Keep IT Professionals De-Stressed During SOX Compliance Preparation
    • Explore 5 Lesser Known SOX Rules and Requirements
  • Category: NERC
    • NERC CIP and the Importance of Consistent Compliance
  • Category: PCI-DSS
    • PCI Non Compliance Fines & Consequences
    • PCI-DSS: Self-assessment Questionnaire
    • Do You Know Your PCI Compliance Level?
    • How to Draft Policy & Procedure Documentation: PCI DSS Requirement 12
    • An Important Question in Online Payments: Is PayPal PCI DSS Compliant?
    • 5 Ways to Reduce Your PCI Scope to Streamline Efforts and Costs
    • Experts Tips on How to Select a PCI-Compliant Service Provider
    • Facts and Misconceptions About PCI-DSS and PCI-DSS v3.2
    • The PCI DSS v3.2 Update and Penetration Testing: What You Need to Know
    • Get Ready for the PCI DSS Version 3.2 Self-Assessment Questionnaires
    • Prepare for the 2018 PCI DSS 3.2 Changes: A Compliance Resource
    • The Latest Network Segmentation Guidance and How It Might Affect Your PCI DSS Scope
    • PCI Security Standards Council Releases Best Practices for Securing E-Commerce
    • Getting Your Organization in Line with PCI V3.2 Updates
    • The Web Developers Guide to PCI DSS Compliance
    • Top 4 PCI Audit Tips for Collection Companies
    • Is Your Server PCI Compliant?
    • The Newest PCI SSC Updates
    • I.S. Partners, LLC Certified as a Qualified Security Assessor to Perform PCI-DSS
• Category: Disaster Recovery
  • Everything You Need for Your Next Disaster Recovery Audit
  • Who Is an Internal Auditor and How Is the Role Crucial to Disaster Recovery?
  • Determine How Often You Need to Review and Update Your Disaster Recovery Plan
  • What a Business Continuity Plan Is and Why You Need One Right Away
  • How to Reduce Risk When Working with Healthcare Business Associates
  • Disaster Preparedness and Recovery for Small Businesses
• Category: Enterprise Risk Management
  • 6 Ways to Jump-start Your Third-Party Risk Management Program
  • Keep Tabs on the Future of Financial Risk Management
  • Enterprise Risk Management [Part III]: 5 Examples of Positive Risk
  • Enterprise Risk Management [Part II]: What is a Risk Assessment Matrix?
  • Enterprise Risk Management [Part I]: A Primer on the Basics of Third-Party Risk Management
  • Internal Auditor’s Expanding Role in Enterprise Risk Management
  • Category: Third-Party Risk Management
• Category: Internal Audit
  • How Often Are Internal Audits Needed for Your Organization
  • Top 5 Benefits of an Internal Audit for Your Company
  • How to Choose an Internal Auditor
  • Outsourced and Co-sourced Internal Audits: Which One Is Right for Your Organization?
  • Why Organizational Readiness Assessments are Important
  • Gap Analysis vs. Internal Audit: Which Evaluation Process Do You Need?
  • Differences Between Risk Assessment vs. Internal Audit
  • Learn More About Your Internal Auditor and 5 Things They Need for an Internal Audit
  • Learn What Attestation, Assurance and Auditing Means in the CPA Industry
  • Learn the ABCs of CISA
  • Top Benefits Associated with Internal Audit Co-Sourcing
  • Benefits of Using a Third Party Service for Medical Claims Audits
  • Internal Control Audit of A Cloud Infrastructure
  • Internal Audit: The Benefits of Inviting Outside Eyes In
• Category: Security
  • Prepare for the Increasingly Expanding Responsibilities of the Chief Risk Officer
  • The Most In-Demand Certifications for IT Professionals
  • Category: Cybersecurity
    • 12 Commonly Asked Questions About CIS Controls
    • Privacy, Cybersecurity & ISO 27001: How Are They Related?
    • The Top 4 Cybersecurity Attacks Your Business Could Face
    • The NIST Cybersecurity Framework: An Introduction to the 5 Functions
    • The NIST CSF Update: Everything You Need to Know to Get Up to Speed
    • Learn the Key Differences Between Vulnerability Scans and Penetration Tests
    • Changes are on the Horizon for Your Encryption Protocols: Are You Ready?
    • Would My Organization Benefit from the Utilization of a Third-Party Managed Security Service Provider?
    • A Closer Look at SOC for Cybersecurity for a Better Understanding
    • Explaining the NIST Cybersecurity Framework
    • Brushing Up Your Cybersecurity in 2018: How the Landscape Has Changed
    • The Top 5 Cybersecurity Challenges Facing Financial Service Institutions
    • Security Surprise: Enforcing Regular Password Changes Puts Your Organization at Risk
    • Outsourcing IT Security vs. Hiring an In-House Specialist
    • A Cybersecurity Checklist that will Get You Into the Holiday Spirit
    • Criteria to Help You Choose Between SOC 2 and SOC Cybersecurity Assessments
    • Reap the Benefits of SOC for Cybersecurity Assessment for Your Organization
  • Category: Data Mining
    • Explore the Process of Data Mining to Discover the Best Techniques
    • Generating Value from Big Data Analytics
  • Category: Data Security
    • The Massachusetts Data Protection Act: Tightening Up Individual State Data Privacy Laws
    • What Is the FTC Red Flags Rule and Who Must Comply?
    • Try These 5 Steps to Complete a More In-Depth Threat Assessment
    • What is the CLOUD Act and Can It Impact Your Business?
    • The Top 5 Factors to Consider When Using Big Data Technology
    • 6 Tips to Segment a Network to Better Protect Your System
    • Choose the Right Penetration Testing: Black Box vs. White Box
    • Need-to-Know Details About Virtual CISOs
    • 5 Key Steps to Developing a Solid Data Retention Policy
    • What Does a GDPR Data Protection Officer Do: Do You Need One?
    • How to Create An 8-Point Office IT Security Checklist
    • The Top 5 Workplace Privacy Myths That Employees Must Stop Believing
    • Keep Your Data Safe with the Right Audit for Your Cloud Service Provider
    • Why Healthcare Security Is A Must
    • The Future of Cybersecurity Regulations: March 1, 2017 New York DFS Changes
    • The WannaCry Ransomware String of Attacks: What Is the Story?
    • A Solid ERM Strategy Can Help Your Organization Achieve Effective Risk Management Control
    • The Top 5 Data Breaches of 2016
    • Vigilance Is the Key to Keeping Your Data Secure in 2017
    • As the Mobile World Continues to Grow, So Should Your Data Security Efforts
    • Keeping Your Higher Learning Institution’s Network Secure
    • Personally Identifiable Information: What You Should Know and Do About Protecting It
    • Data Security for Your Mobile Device
  • Category: Network Security
    • CSA Cloud Controls Matrix: Why It Is Important When Working With The Cloud
    • 6 Questions to Consider Before Launching Your Next Penetration Test
    • Build a Comprehensive Network Security Checklist for Your Organization
    • Guard Your Company’s Computing System from Ransomware
    • What are Webtrust and Systrust?
    • COBIT & Val IT – How These Frameworks Help Your Business
    • How Often Should You Have Your Database Updated?
    • 5 Most Common Vulnerabilities in Your Organization’s Computing System
    • Safeguard Company Data: 7 Vital Tips to Increase Password Protection
    • Penetration Testing for Web Applications
    • The 5 Top Data Breaches of 2015
    • How to Respond to a Data Breach
    • Preparing for Cybersecurity in 2016
    • New Year’s Resolutions for Better Data Security in 2016
    • Are USB Drives Undermining Your Network Security?
    • Penetration Tests and Vulnerability Assessments: Two Different Methods of Fortifying Your Network
  • Category: NIST Assessments
    • About NIST SP 800-53 | What You Need to Know to Maintain Compliance
• Category: SOC Reports
  • An Overview of Complementary User Entity Controls
  • Who Is Certified to Complete a SOC Audit?
  • Try These Tips to Improve Your Reading and Understanding of SOC 1 and SOC 2 Reports
  • Category: SOC 1
    • A Checklist to Find the Right SOC 1 Audit Provider
    • How To Prepare for a SOC Audit
    • 9 Steps to Prepare for a Smooth and Effective SOC 1 Audit
    • Tips for Reading and Interpreting a SOC Report with Confidence
    • SOC 1 and SOC 2 Reports – Do You Know The Difference?
    • 5 Reasons Data Centers Need a SOC 1 Audit Report
    • Prepare A Complete and Effective Written Assertion for Your Upcoming SOC 1 Audit
    • How to Write a Strong System Description for SOC 1
    • The Best SOC 1 Reporting Approach for Subservice Organizations and Vendors
    • How to Reduce Your E&O Insurance Premium with a SOC Audit
    • Understand the Difference Between SOC 1 Type 1 & 2 Reports
  • Category: SOC 2
    • A No-Nonsense Guide to SOC 2 Data Classification
    • SOC 2 Readiness Testing Is an Invaluable Tool for Service Organizations
    • What Do SOC 2 Reports Mean to Managed Service Providers?
    • 4 Important Areas of Security Practice Critical to SOC 2 Compliance for Your Organization
    • SOC 2 Audits: What They Are and How to Stay Compliant, Part 2 of 2
    • Getting Up to Speed with Trust Services Criteria Updates and Additions
    • Simple Ways to Determine When to Include Processing Integrity into Your SOC 2 Audit
    • 3 Need-To-Know Details About the SOC 2 Audit and AT Section 101
  • Category: SOC 3
    • When Should You Consider a SOC 3 Audit?

FAQs

• What is SAS-70?
• Is SSAE-18 a certification?
• What is the difference between SSAE-18 and SAS-70?
• How long does it take to complete an SSAE-18 audit?
• How much does an SSAE-18 audit cost?
• Why is I.S. Partners qualified to perform SOC audits?
• What is the difference between a Type I audit and a Type II audit?
• To whom does PCI apply?
• What does the PCI DSS require?
• What must penetration testing include?
• Why Should You Choose the HITRUST CSF Over Other Available Frameworks (NIST, ISO, etc.)?
• How Often Do I Need to Get a Report?
• How Can My Organization Utilize the HITRUST CSF Framework for a SOC 2 Report?
• What are the Two Different Types of HITRUST CSF Assessments that HITRUST Offers?
• Who is HITRUST
• What is the advantage of getting HITRUST CSF certified?
• Is the HITRUST CSF similar to SOC report requirements?
• What is the HITRUST CSF Certification process like?
• What’s the difference between HITRUST CSF and HIPAA?
• What is PCI-DSS?
• Are there compliance levels for PCI-DSS?
• Are there penalties for PCI non-compliance?
• What is PCI-DSS v3.2?
• What is the Prioritized Approach in PCI DSS?
• What are the PCI-DSS v3.2 standards?
• Is PCI-DSS Voluntary?
• Does PCI-DSS only apply to businesses that store credit card information?
• Can my business can stay PCI-DSS compliant if I use a single vendor and product, or if I outsource the card processing tasks?

Whitepapers

• The Complete Guide to Enterprise Risk Management
• The Complete Guide to GDPR Compliance [White Paper]
• Preparing for the Upcoming 2018 SOC 2 Changes
• Moving Your Organization from SSAE 16 to SSAE 18
• What You Should Know About HITRUST Compliance Before Moving to the Cloud
• Talking to Your Business Associates About HITRUST^™