Why am I Being Asked about SOC 2 Compliance?

by Sarah Harvey / February 7, 2023

If you’re being asked about SOC 2 compliance for the first time, you may be wondering why. It’s becoming increasingly common for organizations to request that their vendors become SOC 2 compliant so they can ensure that the companies they are working with are appropriately protecting their sensitive information. Perhaps you’re a vendor of a larger organization who is being audited by a publicly traded company, or maybe you want…

The History of SOC 2 Reports

by Sarah Harvey / December 19, 2022

    In order to understand the purpose of a Service Organization Control (SOC) 2 Report, it’s important to understand the background and history of how the SOC 2 came in to existence as a way for service organizations to manage the risks associated with outsourcing services. The original standard was known as SAS 70 and was a way service organizations could demonstrate the effectiveness of internal controls at their…

What is PCI and DSS Compliance?

by Sarah Harvey / April 12, 2023

What is PCI and DSS Compliance? This is a question KirkpatrickPrice, as a PCI QSA, is frequently asked. Let’s start with what it stands for. PCI stands for the Payment Card Industry. When we talk about compliance, we’re talking about the PCI DSS, or Payment Card Industry Data Security Standard. The PCI DSS originated from efforts by major credit card brands (Visa, MasterCard, American Express, Discover, and JCB) to encourage…

Road to HIPAA Compliance: Managing Business Associate Compliance

by KirkpatrickPrice / December 19, 2022

Why Does Business Associate Compliance Matter? The goal for this session is to identify the importance of the relations between covered entities and business associates, and to identify the issues that business associates and covered entities must navigate. This webinar is not designed just to benefit the covered entities. If you are a business associate, it will be beneficial to learn the issues that covered entities are dealing with and…

Understanding Data Breaches with Benjamin Wright

by Benjamin Wright / December 19, 2022

It’s become quite common to see reports in the headlines about data security breaches as different types of organizations are targeted every day. The types of information or data that is stolen as a result of a breach are things like social security numbers, credit card numbers, Protected Health Information (PHI), and Personally Identifiable Information (PII), trade secrets, or intellectual property. The most important thing to consider when it comes…