SAS 70 Auditing Standard vs. SSAE 16 Report: What’s the Difference?

by Sarah Harvey / December 19, 2022

What’s the purpose of an SSAE 16 audit and should I pursue one? If you’re new to the world of information security audits, check out this comprehensive guide on the history of SSAE 16, why it replaced the SAS 70, and how becoming SSAE 16 compliant could benefit your business. Outsourcing critical business functions, such as IT or HR, is a common practice among many businesses, today. While outsourcing is…

Road to HIPAA Compliance: Using the NIST Cybersecurity Framework to Protect PHI

by KirkpatrickPrice / December 19, 2022

The NIST Cybersecurity Framework: A Common Language for Cybersecurity Issues The cybersecurity realm is overwhelming – the issues, the regulations, the changes, the threats, the persistence. We’re living in a world where we hear about new breaches every day. None of us can possibly know everything about all cybersecurity issues, and that’s okay. We’re all vulnerable and overwhelmed, but that’s no excuse not to prepare and continually develop your organization’s…

What is an SSAE 18 (SOC 1) Type II Audit Report?

by Sarah Harvey / April 12, 2023

Harvest Strategy Group, Inc. recently completed its 5th annual SSAE 18 SOC I Type II audit in order to reinforce its industry leadership position in regulatory compliance through an extensive evaluation and audit of the internal controls and processes of its vendors and recovery partners. Headquartered in Denver, Colorado, Harvest Strategy Group, Inc. provides comprehensive accounts receivables management services to a variety of creditors, including banks, auto finance lenders, credit…

PCI Readiness Series: PCI Requirement 12

by KirkpatrickPrice / December 19, 2022

PCI Requirement 12: Maintaining an Information Security Policy When creating an information security policy, an organization must create a policy that addresses information security for all personnel. Let’s emphasize “all” – this policy is not just for the IT department but is for anyone that would/could be involved in some capacity with storing, processing, and transmitting cardholder data. PCI Requirement 12 helps oversee and govern an organization's PCI DSS compliance…

Road to HIPAA Compliance: Incident Response

by KirkpatrickPrice / December 19, 2022

Security, Incident, Response, Repeat There are several challenges when it comes to understanding security incidents and incident response. Our goal for this webinar is to answer several questions that occur while considering your organization’s incident response plan and creating policies and procedures to accompany your plan.  How would you define “security incident” for a practical, real-world setting? The regulatory definition of a “security incident” includes the access, use, disclosure,…