5 Tips for a Successful Penetration Test (Pentest)

by Sarah Harvey / December 19, 2022

Regular penetration tests are a critical line of defense when protecting your organization’s sensitive assets from malicious outsiders. Just like any test, you need to be prepared. Your organization should take steps to ensure that you pass your penetration test and will be prepared to fend off attackers. Not only are regular penetration tests required by most audit frameworks and provide real-world insight into how hackers can exploit vulnerabilities, they…

What’s The Difference Between SOC 1, SOC 2, and SOC 3?

by Joseph Kirkpatrick / February 7, 2023

When it comes to SOC (System and Organization Controls) reports, there are three different SOC report types: SOC 1, SOC 2, and SOC 3. When considering which report fits your organization’s needs, you must first understand what your clients require of you and then consider the areas of internal control over financial reporting (ICFR), the Trust Services Criteria, and restricted use. Each SOC report type fulfills a different purpose, and…

Episode 4 – How are HITRUST Controls Scored? The HITRUST CSF Maturity Model

by Joseph Kirkpatrick / December 22, 2022

Whether you are doing a HITRUST CSF Self-Assessment or Validated Assessment, you will be required to score your organization’s compliance with the controls according to the HITRUST Maturity Model. For organizations familiar with the Plan, Do, Check, Act model – a cycle which starts with direction and tone from the top and is used as a template for continuous improvement – you will find similarities within the HITRUST Maturity Model and…

Episode 3 – HITRUST CSF Assessment & Report Options

by Joseph Kirkpatrick / December 22, 2022

When navigating your HITRUST CSF compliance journey, there are a few different assessment and reporting options to consider. But before you start the process of deciding which HITRUST CSF assessment and report is right for you, it’s important to fully understand what your client is requesting. Have you received a letter from a client in the mail? Are you reviewing an RFP? The first question you must know the answer to…

Episode 2 – How to Navigate HITRUST CSF Controls

by Joseph Kirkpatrick / December 22, 2022

Getting started with your HITRUST certification journey can be overwhelming; the CSF is a lengthy framework containing 845 requirement statements spread over three implementation levels. Here is a step-by-step guide for understanding how to navigate the makeup of each control by determining the scope of the assessment, determining your unique risk factors, and knowing which level applies to your organization. Defining the Scope of your Assessment The very first thing…