Dallas, Texas – July 2022 – Trinity Real Estate Solutions, a leading national provider of construction lending services, specialty inspections and appraisals, announced the completion of its annual SOC 2 Type II audit for the fourth year in a row. Performed by KirkpatrickPrice, the attestation certifies Trinity’s ceaseless commitment to protecting its clients’ confidential data while confirming the highest level of standards, processes and controls for data privacy and security.

“Data security remains one of our top priorities, and we believe the amount of time and rigorous effort required to complete this attestation every year assures our customers of our dedication to standardizing and streamlining Trinity’s security practices, operational environment and policies and procedures,” explains Steve Fontaine, VP Services, Trinity. “With the increasing threats of ransomware attacks, data breaches, and IT outages, we are diligent in protecting our clients’ most critical assets and allowing them to focus on what they do best in their respective businesses.”

“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “Trinity Real Estate Solutions delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Trinity Real Estate Solutions’ controls.”

A SOC 2 audit provides an independent, third-party validation of a service organization’s information security practices as required by the American Institute of Certified Public Accountants (AICPA). During the audit, a service organization’s non-financial reporting controls are tested as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Trinity’s controls to meet the standards for these criteria.

About Trinity Real Estate Solutions:

Trinity Real Estate Solutions®, Inc. is a national provider of residential and commercial construction lending services, including draw inspections, appraisals, and loan administration services. Its products are designed to mitigate risk and provide onsite assessments of properties. Trinity serves customers in the banking, mortgage lending, insurance, and credit-card industries, providing a comprehensive suite of solutions through five unified companies. Headquartered in Irving, Texas, Trinity partners with thousands of field appraisers, inspectors, contractors, engineers, architects, surveyors, and brokers across the country. They serve small, regional, and national customers. For more information, visit www.trinityonline.com or follow Trinity on LinkedIn.

About KirkpatrickPrice:

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America, South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA frameworks, as well as advanced-level penetration testing. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.

Cybersecurity firm KirkpatrickPrice announced the promotion of Stephanie Rodrigue to Chief Operating Officer and Maggie Austin to Vice President of Operations. These changes to KirkpatrickPrice’s operational leadership empower the team to ensure quality and assurance in all things.

As COO, Rodrigue is responsible for ensuring all aspects of daily operations run smoothly. Rodrigue oversees daily administrative and operational functions, reporting directly to the President & Founder, Joseph Kirkpatrick. Rodrigue joined KirkpatrickPrice in 2016 working in Sales before leading the Client Success Team as Vice President. Rodrigue has been an instrumental member of the executive leadership team by building a successful Client Success function and leading strategic initiatives across all areas of the company. Rodrigue demonstrates a vast knowledge of the KirkpatrickPrice mission, inspiring our clients to achieve greater levels of security and compliance assurance.

When asked about her new role, Rodrigue said, “I am proud to be a part of a team that is dedicated to helping our clients reach their security and compliance goals. I look forward to the continued service of our team members and clients as they work together to defend against cyber security threats.”

As the VP of Operations, Austin ensures quality in all operational practices, leading the Professional Writing, Quality Assurance, and Training departments. Austin joined KirkpatrickPrice in 2011 as a Professional Writer and within a year became the leader of that team as the Director of Professional Writing. Austin is known as an indispensable resource for every team at KirkpatrickPrice and is a trusted, strategic member of the leadership team.

“It has been an honor to grow alongside this amazing company for the past 11 years, and I look forward to the impact KirkpatrickPrice will continue to have in our industry,” Austin said.

Both the firm and its leader, Joseph Kirkpatrick, are thrilled to announce these promotions and to see the growth within its team.

“Stephanie and Maggie are the very best KirkpatrickPrice has to offer. Their experience and vision are based on a sincere desire to serve our clients and improve security and compliance for businesses worldwide. Their leadership allows us to scale and support our team members more effectively,” Kirkpatrick said.

About KirkpatrickPrice:
KirkpatrickPrice is the leader in cyber security and compliance audit reports. Our experienced auditors know audits are hard, so they take complicated audits such as SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST, GDPR, and ISO 27001 and make them worth it. The firm has issued over 10,000 reports to over 1,200 clients worldwide, giving its clients trusted results and the assurance they deserve. Using its Online Audit Manager, the world’s first compliance platform, KirkpatrickPrice partners its clients with an expert to guide them through the entire audit process, from audit readiness to final report. For more information, visit https://kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.

Independent Audit Verifies Uptake’s Internal Controls and Processes

CHICAGO –– May 31, 2022 –– Uptake, a leader in industrial intelligence, announced today that
it has completed its SOC 2 Type II audit, performed by KirkpatrickPrice. SOC 2 compliance
demonstrates that software-as-a-service (SaaS) applications have the necessary controls and
processes in place to protect data processed on their systems, and is a critical criterion for
evaluating the security of software vendors.

“The safety and cyber-security of industrial data and systems are critical for our customers and
partners, and they’re core to our products and services,” said Linda Bartman, President, Uptake.
“We’re committed to ensuring data entrusted to Uptake is secure and available for all of our
customers’ objectives –– from digital transformation to sustainability initiatives.”

A SOC 2 audit provides an independent, third-party validation that a service organization’s
information security practices meet industry standards stipulated by the AICPA. During the
audit, a service organization’s non-financial reporting controls, including security, availability,
processing integrity, confidentiality, and privacy, are tested. The SOC 2 report delivered by
KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Uptake’s
controls to meet the standards for these criteria.

“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of
KirkpatrickPrice. “Uptake delivers trust-based services to their clients, and by communicating
the results of this audit, their clients can be assured of their reliance on Uptake’s controls.”
For more on Uptake’s commitment to cybersecurity, visit:

About Uptake:

Uptake provides industrial intelligence software-as-a-service (SaaS), translating data into
smarter operations. Driven by unified data management and industrial data science, Uptake
enables and delivers actionable insights that predict asset failure, advance ESG initiatives,
mitigate catastrophic risk, optimize maintenance strategy, and protect operator safety. With 48
patents and recognition by Gartner, Verdantix, the World Economic Forum, CNBC, and Forbes,
Uptake is based in Chicago, with an office in Mississauga, Ontario, and has a presence around
the world. To stay up-to-date on what we’re doing, visit us at www.uptake.com and follow us on
LinkedIn and Instagram.

About KirkpatrickPrice:

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered
with the PCAOB, providing assurance services for over a thousand clients in North America,
South America, Asia, Europe, and Australia. The firm has more than a decade of experience in
information security by performing assessments, audits, and tests that strengthen information
security practices and internal controls. KirkpatrickPrice most commonly performs assessments
on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA
frameworks, as well as advanced-level penetration testing. For more information, visit
www.kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube
channel.

CONTACT
Uptake
press@uptake.com, + 1 312-242-2167

The General Data Protection Regulation (GDPR) imposes security and privacy regulations that apply to businesses that store or process European Union residents’ personal data. It enacts a broad range of measures to give data subjects control over their data and protect them from unauthorized exposure.

Encryption is a vital aspect of obtaining GDPR compliance. Encryption protects your organization so that in the event that data is lost, stolen, or compromised, there is a line of defense. Adding encryption as a layer of protection for your data strengthens your organization’s ability to protect that data in a way that complies with the regulation and provides assurance to your clients. Businesses with EU users and customers need to know what GDPR encryption rules mean for their data security and privacy efforts.

What Does The GDPR Say About Encryption?

The GDPR does not mandate specific technologies or implementations, so no rule says, “you must encrypt personally identifiable data.” However, GDPR Article 32(1) states that data controllers and processors must implement appropriate technological and organizational measures to secure personal data. Encryption is suggested as a measure that can help businesses to achieve their GDPR compliance objectives.

Encryption is the best way to protect data, provided it’s used as part of a secure system. Encryption is often built into infrastructure hosting platforms, and effective encryption technology is available to all businesses at a minimal cost. 

1. Assess Which Data Falls Under the GDPR

The first step is to discover which personal data your business stores, processes, or transmits. That includes knowing which data is in scope for the GDPR, where it’s stored, and the privacy and security measures the business uses to protect it. Ignorance isn’t a defense; businesses often breach the GDPR by failing to protect information they don’t realize contains personal data.

A Data Protection Impact Assessment (DPIA) can help businesses discover whether encryption is appropriate. A DPIA assesses data processed by an organization to determine whether it poses a risk under the GDPR. It considers the data’s nature, the level of risk, and the measures that could be taken to mitigate risk, including encryption.  GDPR provides a template that can guide your organization through this process.  

2. Develop GDPR Encryption Policies

Encryption policies should clearly describe how and when data processed by your organization is to be encrypted. Encryption policies help avoid mistakes caused by ad-hoc and inconsistent implementation. 

Encryption policies supported by the organization’s leadership have two main benefits: 

  • They provide a foundation on which specific procedures can be based, allowing the organization to develop consistent GDPR encryption practices to achieve compliance objectives while meeting the varied needs of different systems and data types.
  • They can mandate training requirements for relevant staff to ensure they know encryption policies, procedures, and responsibilities. Many data breaches occur because employees fail to follow encryption best practices by, for example, downloading personal data to an unencrypted portable drive or uploading it to an improperly configured cloud storage service.

3. Encryption, GDPR, and Data in Transit

Data is said to be in transit when it is moved between systems or components of a system. For example, data in transit might be information submitted by a customer in a web browser or data delivered to a third-party processor by a business.  Data in transit is at particular risk as it travels over open networks outside the influence of the data controller or processor. Standard encryption measures to protect data in transit include virtual private networks (VPNs) or HTTPS encryption using TLS certificates. 

4. Encryption, GDPR, and Data At Rest

Data at rest is often considered a lower risk than data in transit because security measures should prevent an attacker from accessing internal storage devices. However, software vulnerabilities, insider threats, and phishing attacks may allow attackers to circumvent network border protections and steal unencrypted data. If data is encrypted at rest using securely managed keys, the attacker gets nothing of value. Encryption at rest is part of a layered approach to data protection and GDPR compliance. 

5. Understand GDPR Encryption Requirements

There are many ways to encrypt data, but some are more effective than others. As computing power increases and cryptography advances, older standards and algorithms become easier to crack. To comply with the GDPR, use up-to-date, well-tested cryptographic tools that conform to reputable standards. While the GDPR doesn’t specify tools and standards, businesses typically rely on cryptographic security standards such as FIPS 140-2 and FIPS 197 in concert with broader information security standards such as ISO 27001 Annex A.10.1.

GDPR Compliance with KirkpatrickPrice

KirkpatrickPrice provides a range of services that can help your business comply with the GDPR and other information security regulations, including ISO 27001 audits, SOC 2 audits, and compliance audits for other regulations and standards. Businesses seeking to improve GDPR compliance also benefit from security awareness training, penetration testing, and remote access security testing.

Cloud computing myths have occupied the IT world since the cloud became a viable infrastructure hosting option a decade and a half ago. Those of us who worked in IT at the time remember the many misconceptions about what the cloud was and whether it was possible to host business-critical services in the cloud while maintaining security and regulatory compliance. 

The IT industry and the cloud have evolved beyond all recognition since those early days, and few people today doubt the value and power of the cloud computing model. In 2022, 67% of enterprise infrastructure and 83% of business workloads are hosted on a cloud platform. 

Yet cloud myths persist, particularly cloud security myths, although their nature has evolved along with the cloud. In the past, cloud security myths were unduly pessimistic. Today, they are just as likely to be unduly optimistic about cloud security and compliance. 

Myth 1: Cloud Platforms Are Insecure

This is the original cloud security myth, founded on the belief that businesses can’t trust infrastructure they don’t control. However, if we look at the pattern of security incidents involving cloud platforms, it becomes clear that they are rarely caused by vulnerabilities in the platform itself. They are almost always the result of cloud users’ misconfigurations and mistakes; 70% of cloud security challenges arise from configuration errors.

Myth 2: Vendors Take Care of Cloud Security

The opposite of our first cloud security myth is the mistaken belief that the cloud is inherently secure. Believers operate under the misconception that hosting software and data in the cloud is a shortcut to improved security. In reality, all cloud providers use a shared responsibility model for security. 

The provider takes responsibility for some security aspects—the physical infrastructure at a minimum, but often other aspects depending on the service. The user is then responsible for using those services securely. For example, connecting an unencrypted AWS elastic block storage device to an EC2 instance creates a potential data leak vulnerability. Amazon provides secure encrypted block storage, but it won’t stop the user from deploying an insecure configuration. 

Cloud users must understand which security aspects they are responsible for and how to configure their cloud environment to meet security and compliance requirements. If you’re worried that your business has cloud misconfigurations, consider a cloud security configuration assessment. 
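The unencrypted block storage case above is a configuration a customer can check for themselves. The following is an added example, not code from KirkpatrickPrice or AWS: it scans JSON in the shape returned by `aws ec2 describe-volumes` and reports volumes that are not encrypted at rest. The sample data, the IDs in it, the function names, and the severity labels are assumptions made for this illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes --output json`.
# Every ID and ARN below is made up for this example.
SAMPLE_DESCRIBE_VOLUMES = """
{
  "Volumes": [
    {"VolumeId": "vol-0aaa0000000000001", "Encrypted": true, "State": "in-use",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
     "Attachments": [{"InstanceId": "i-0aaa0000000000001", "Device": "/dev/xvda"}]},
    {"VolumeId": "vol-0aaa0000000000002", "Encrypted": false, "State": "in-use",
     "Attachments": [{"InstanceId": "i-0aaa0000000000001", "Device": "/dev/sdf"}]},
    {"VolumeId": "vol-0aaa0000000000003", "Encrypted": false, "State": "available",
     "Attachments": []},
    {"VolumeId": "vol-0aaa0000000000004", "State": "in-use",
     "Attachments": [{"InstanceId": "i-0aaa0000000000002", "Device": "/dev/sdg"}]}
  ]
}
"""


def find_unencrypted_volumes(describe_volumes_json):
    """Return one finding per volume that is not encrypted at rest."""
    findings = []
    for vol in json.loads(describe_volumes_json).get("Volumes", []):
        # Fail closed: a missing "Encrypted" field is treated as unencrypted.
        if vol.get("Encrypted") is True:
            continue
        attachments = vol.get("Attachments") or []
        findings.append({
            "volume_id": vol.get("VolumeId", "<unknown>"),
            "state": vol.get("State", "<unknown>"),
            "instances": sorted({a["InstanceId"] for a in attachments
                                 if "InstanceId" in a}),
            # Assumption of this example: a volume attached to an instance
            # is ranked above an idle one.
            "severity": "high" if attachments else "medium",
        })
    # High-severity findings first, then ordered by volume ID.
    findings.sort(key=lambda f: (f["severity"] != "high", f["volume_id"]))
    return findings


def instances_at_risk(findings):
    """Map each EC2 instance ID to the unencrypted volumes attached to it."""
    by_instance = {}
    for finding in findings:
        for instance_id in finding["instances"]:
            by_instance.setdefault(instance_id, []).append(finding["volume_id"])
    return by_instance


if __name__ == "__main__":
    for f in find_unencrypted_volumes(SAMPLE_DESCRIBE_VOLUMES):
        print(f["severity"], f["volume_id"], f["state"],
              ",".join(f["instances"]) or "-")
```

Against a real account, the same function can be fed the saved output of `aws ec2 describe-volumes --output json` for each Region in use.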

Myth 3: Compliant Services Guarantee Regulatory Compliance

Many cloud providers advertise that their services are compliant with information security regulations. For example, Amazon’s S3 storage service is certified compliant with SOC, PCI DSS, HIPAA, and other regulatory standards. But what does that mean? Most importantly, it doesn’t mean that an S3-based data storage system automatically complies with those standards. 

This is something cloud vendors go to some lengths to communicate. For example, Amazon’s PCI DSS compliance documentation states that “AWS establishes itself as a PCI DSS Service Provider to enable, upon further configuration, the compliance of our customers.” The “upon further configuration” part is critical. S3’s PCI compliance means it can be used as part of a PCI-compliant system, but it needs to be configured correctly to do so. A simple configuration error may render any system built on S3 non-compliant, and it’s the user’s responsibility to make sure that doesn’t happen.

Myth 4: Bad Actors Don’t Target the Cloud

It might be tempting to think that moving to a cloud platform will solve your business’s security problems. You’re at the end of your tether with the constant bombardment of malware, ransomware, phishing attacks, and bad bots. You want a secure infrastructure solution that is immune to the attention of cybercriminals. But the cloud can’t give you what you are looking for. Many of the biggest security breaches and data leaks of the last few years happened on the cloud. 

Criminals go where the data is, and they have become skilled at exploiting cloud vulnerabilities. As we established earlier in this article, most of those vulnerabilities are caused by cloud user mistakes. Does that mean cloud platforms can’t help you solve your security and compliance issues? In fact, they can, but you may need the help of an experienced cloud expert. 

Myth 5: You Don’t Need A Cloud Security Audit

A cloud security audit based on the Center for Information Security Benchmarks will help your business avoid the security and compliance risks we’ve highlighted in this article. Experienced information security experts will examine your AWS, Microsoft Azure, or Google Cloud Platform environment for configuration mistakes, security vulnerabilities, and data breach risks. An audit ensures you have the information to operate a secure and compliant cloud environment. To learn more, contact a cloud security specialist at KirkpatrickPrice today.