What’s The Difference Between SOC 1, SOC 2, and SOC 3?

by Joseph Kirkpatrick / February 7, 2023

When it comes to SOC (System and Organization Controls) reports, there are three different SOC report types: SOC 1, SOC 2, and SOC 3. When considering which report fits your organization’s needs, you must first understand what your clients require of you and then consider the areas of internal control over financial reporting (ICFR), the Trust Services Criteria, and restricted use. Each SOC report type fulfills a different purpose, and…

Episode 4 – How are HITRUST Controls Scored? The HITRUST CSF Maturity Model

by Joseph Kirkpatrick / December 22, 2022

Whether you are doing a HITRUST CSF Self-Assessment or Validated Assessment, you will be required to score your organization’s compliance with the controls according to the HITRUST Maturity Model. For organizations familiar with the Plan, Do, Check, Act model – a cycle which starts with direction and tone from the top and is used as a template for continuous improvement – you will find similarities within the HITRUST Maturity Model and…

Episode 3 – HITRUST CSF Assessment & Report Options

by Joseph Kirkpatrick / December 22, 2022

When navigating your HITRUST CSF compliance journey, there are a few different assessment and reporting options to consider. But before you start the process of determining which HITRUST CSF assessment and report is right for you, it’s important to fully understand what your client is requesting. Have you received a letter from a client in the mail? Are you reviewing an RFP? The first question you must know the answer to…

Episode 2 – How to Navigate HITRUST CSF Controls

by Joseph Kirkpatrick / December 22, 2022

Getting started with your HITRUST certification journey can be overwhelming; the CSF is a lengthy framework containing 845 requirement statements spread over three implementation levels. Here is a step-by-step guide for understanding how to navigate the makeup of each control by determining the scope of the assessment, determining your unique risk factors, and knowing which level applies to your organization. Defining the Scope of your Assessment The very first thing…

What Will Be in My HIPAA Compliance Report? The 4 Main Components to a HIPAA Compliance Report

by Sarah Harvey / December 22, 2022

You’ve partnered with a third party, you’ve properly scoped your environment, you’ve conducted a HIPAA Risk Analysis, you’ve remedied any non-compliant findings, you’ve worked with your auditor, you’ve completed your HIPAA audit, and now you’re finally receiving your HIPAA compliance report. Congratulations! So, what’s actually included in a HIPAA compliance report? Here are the 4 main components of a HIPAA compliance report: The 4 Main Components to a…