Ask the Auditor: PCI DSS Requirements 3 & 4

by Sarah Harvey / June 13, 2023

We had another chance to interview one of our Information Security Auditors, Tim Cunningham, on some frequently asked questions about PCI DSS Requirements 3 and 4. Here are the highlights from the interview: Q: When we consider the concept of protecting stored cardholder data, what is the first thing to consider when planning compliance with Requirement 3? An organization’s approach to PCI Compliance should be a top-down, management-driven approach.…

Top 10 Risks Found by Our Auditors

by Sarah Harvey / December 16, 2022

Are you in the process of getting your annual audit performed? Are you preparing for your annual audit? We have compiled a list of the Top 10 Risks we most commonly find when auditing information security to help you better strengthen your own environment. Take a look at what our auditors have found to be common shortcomings and make sure you’re not making those same mistakes at your organization. 1.…

Why am I Being Asked About SSAE 16, and What do I Need to Know to Talk Intelligently?

by Sarah Harvey / December 16, 2022

SOC 1 (formerly SSAE 16) is the most commonly used means of third-party attestation. Have you been asked about a SOC 1 audit? Are you interested in learning more about how you can ensure SOC 1 compliance? The following webinar provides an informative overview of the SOC 1 framework along with SOC 2, HIPAA, PCI, and FISMA. What Does a SOC 1 Audit Include? SOC 1 is an audit…

PCI Readiness Series: PCI Requirements 3 and 4

by KirkpatrickPrice / December 16, 2022

This session in our PCI Readiness Series covers PCI DSS Requirements 3 and 4, which focus on encryption and protecting cardholder data. PCI Requirement 3 states, "Protect stored cardholder data." PCI Requirement 4 states, "Encrypt transmission of cardholder data across open, public networks." What is Requirement 3? PCI Requirement 3 gives organizations an opportunity to consider which retained data is required and which is becoming a liability for…

6 Steps to Construct Your Internal Audit Program

by Sarah Harvey / June 15, 2023

Why is an internal audit program important? The CFPB Examination Manual has become the ruling guidance for those in the collections space, and internal audit is a topic that can’t be taken too lightly. According to the manual, an effective compliance management system should have four interdependent control components: Board and management oversight; Compliance program; Response to consumer complaints; Compliance Audit. When these four control components are strong and well-coordinated,…