SOC 1 Type 1 vs Type 2: What’s the Difference?

by Joseph Kirkpatrick / February 5, 2024

You know you need to complete a SOC 1 audit but aren't sure if you need a SOC 1 Type I or a SOC 1 Type II. What sets them apart and which makes the most sense for your organization's needs? Don't let the complexities of SOC reports overwhelm you! Below, we explore the importance of a SOC 1 audit report and compare the SOC 1 Type I vs Type…

Understanding the 3 FISMA Compliance Levels: Low, Moderate, and High

by Tori Thurmond / January 31, 2024

What is FISMA? The Federal Information Security Management Act (FISMA) is a piece of United States legislation, enacted as part of the Electronic Government Act of 2002. FISMA’s intent is to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. FISMA is the law; NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations, is the standard that…

Why Should Your Employees Sign a Policy Acknowledgment Form?

by Tori Thurmond / January 17, 2024

What does it mean for your employees to acknowledge your employee policies and procedures? To comply with information security standards, it’s required that all employees have expressed acknowledgment of the policies in place within your organization, specifically through a policy acknowledgment form for things like your information security policies and employee handbook. Having policy acknowledgment forms is an important piece of the puzzle when it comes to policy development and…

How to Manage AWS Access Keys and AWS Identities Securely

by Hannah Grace Holladay / January 30, 2024

Information security in the cloud depends on properly managing secrets, including AWS access keys. Authorized users and code must authenticate to use cloud resources. Authentication relies on shared secrets, but shared credentials may create security vulnerabilities, especially when shared naively by embedding them in application code. Embedding AWS access keys in code seems an efficient solution when, for example, your code needs to interact with the S3 API to store…

The Ultimate Vendor Due Diligence Checklist

by Hannah Grace Holladay / February 14, 2024

Vetting and choosing vendors are some of the most important decisions you’ll make for your business, especially when it comes to information security. They could do everything from run your call center to store your data, monitor your systems, or destroy your records. Yes, you can outsource a process or a department to vendors – but you can never outsource risk. No matter the vendor, they pose some level of…