Blog

Penetration Testing in Support of HIPAA Compliance

by Sarah Harvey / December 16, 2022

According to the Department of Health and Human Services Office for Civil Rights’ “wall of shame,” data breaches and security incidents have impacted more than 450,000 individuals so far this year. With no solution or end to the pervasive threat landscape in sight, this begs the question: what more could the healthcare industry do to protect their patients’ PHI, provide quality healthcare services, and ensure that their security posture remains…

SOC 2 Academy: Incident Response Best Practices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.3 When an organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.3 says, “The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or…

SOC 2 Academy: Performing Daily Log Reviews

by Joseph Kirkpatrick / February 17, 2023

Common Criteria 7.2 Common criteria 7.2 of the 2017 Trust Services Criteria says, “The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity’s ability to meet its objectives; anomalies are analyzed to determine whether they represent security events.” When an auditor verifies an organization’s compliance with this criterion during a SOC 2 audit, they’ll…

SOC 2 Academy: Detect and Monitor Changes in Your System Configurations

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 7.1 When an organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 7.1 says, “To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.” What…

SOC 2 vs. ISO 27001: Which Audit Do You Need?

by Sarah Harvey / June 14, 2023

SOC 2 and ISO 27001 audits are similar in intention; they both help organizations protect the data that they are responsible for. How are they different, though, and which one meets your organization’s needs? What is a SOC 2 Audit? A SOC 2 audit evaluates internal controls, policies, and procedures that directly relate to the AICPA’s Trust Services Criteria. This means that a SOC 2 audit report focuses on a…

Penetration Testing in Support of HIPAA Compliance

SOC 2 Academy: Incident Response Best Practices

SOC 2 Academy: Performing Daily Log Reviews

SOC 2 Academy: Detect and Monitor Changes in Your System Configurations

SOC 2 vs. ISO 27001: Which Audit Do You Need?

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.