What is an Independent Opinion in Auditing?

by Joseph Kirkpatrick / June 15, 2023

For an audit to comply with regulations, it must be conducted by an auditor with an independent opinion. What is an independent opinion? It’s an auditor’s unbiased, objective stance towards an organization that leads to an accurate, credible report on the organization’s security and compliance. Any type of information security audit needs to have an independent auditor, but especially in the case of a CPA performing SOC 1…

Why is Information Security So Important in Healthcare?

by Sarah Harvey / June 15, 2023

The goal of the healthcare industry has always been to provide quality patient care. To do so, healthcare organizations have invested in state-of-the-art technology and highly educated personnel, but there’s still one thing that many in the healthcare industry have failed to do: invest in robust information security management programs. In fact, almost on a daily basis, there’s headline after headline reporting new healthcare data breaches impacting the PHI of…

Breach Report 2019 – July

by Sarah Harvey / December 15, 2022

Regardless of the size or industry of organizations, every month there is headline after headline reporting about new data breaches. Whether it’s a ransomware attack, a negligent employee opening a phishing email, or a state-sponsored attack, millions of individuals are impacted by data breaches and security incidents on a regular basis. Let’s take a look at some of the top data breaches that occurred during July and the lessons we…

4 Reasons to Start a PCI Audit Right Now

by Sarah Harvey / June 14, 2023

Let's face it: our society is becoming more reliant on cashless payment systems, from payment cards to contactless pay. With this digital focus, the security of cardholder data is top of mind to consumers. In fact, according to Pew Research Center, “41% of Americans have encountered fraudulent charges on their credit cards.” If your business cannot prove that your services are secure, why would consumers choose to do business with…

Guide to PCI Policy Requirements

by Sarah Harvey / April 12, 2023

Introduction to the 12 PCI Requirements: The purpose of the PCI DSS is to ensure that all of the data that lives within the cardholder data environment (CDE) is protected and secured from theft or unauthorized use. If you are a merchant, service provider, or subservice provider who stores, processes, or transmits cardholder data, you are required to comply with the PCI DSS, but doing so may seem daunting. Why?…