Understanding Your SOC 1 Report: The 5 Components of Internal Control

by Joseph Kirkpatrick / February 9, 2023

 What are the Components of Internal Control (CRIME)? The framework utilized for a SOC 1 audit is known as the COSO Internal Control Framework. It’s one of the most common models used to design, implement, maintain, and evaluate internal control. To have an effective system of internal control, the COSO framework requires that service organizations have the defined components of internal control present, functioning, and supporting business and internal…

GDPR Readiness: Are You a Data Controller or Data Processor?

by Sarah Harvey / July 12, 2023

GDPR Roles - Where Does Your Organization Start? The most common questions we’re hearing related to GDPR have to do with roles – what role does my organization play? Are we a data controller or data processor? Joint controller? Controller-processor? Where should we start in our journey towards GDPR compliance? This can be a confusing aspect of compliance, but GDPR requirements depend on roles, so determining what role your organization…

How Can a SOC 2 Bring Value to Your SaaS?

by Sarah Harvey / June 14, 2023

No one wants to work with an at-risk SaaS provider. If someone is looking to use your services, they want to know how secure your SaaS solution actually is. You may think you have a secure SaaS solution, but does an auditor? Does a hacker? Let’s look at how a SOC 2 audit could bring value to your organization’s reputation, marketing initiatives, and competitive advantage. What is a SOC 2?…

Understanding Your SOC 1 Report: The 3 Objectives of COSO

by Joseph Kirkpatrick / December 20, 2022

What is the COSO Internal Control Framework? The framework utilized for a SOC 1 audit is known as the COSO Internal Control Framework. The COSO framework is one of the most common and important models used to design, implement, maintain, and evaluate internal control. It’s regarded as the definitive model against which organizations determine the effectiveness of their internal control. The COSO framework was established in 1992, but updated in…

HITRUST Update: HITRUST CSF v9.1 Release

by Sarah Harvey / December 20, 2022

HITRUST’s Continual Effort to Evolve As more and more organizations look to the HITRUST CSF® as a way to ensure security and compliance, HITRUST continually updates the framework to incorporate evolving regulations and standards. What's new in HITRUST CSF v9.1, HITRUST's latest release? HITRUST CSF v9.1 includes changes based on community feedback as well as two major updates: support of GDPR and 23 NY CRR 500 requirements. The incorporation of…