Blog

Canada’s New Breach Notification Law: Preparation and Impact

by Sarah Harvey / December 16, 2022

On November 1, 2018, Canada’s Data Privacy Act amended the Personal Information Protection and Electronic Data Act (PIPEDA) to include Breach of Security Safeguards Regulations. Organizations subject to PIPEDA will now have to report breaches that pose a “real risk of significant harm” to affected individuals to the Office of the Privacy Commissioner of Canada (OPC). What does this new regulation mean for organizations and how can they operate in…

Voice-Enabled Devices and Data Privacy: Lessons Learned from Amazon

by Sarah Harvey / December 16, 2022

“Alexa, what’s the weather like in Nashville today?” Amazon’s Alexa, Apple’s Siri, the Google Assistant – the list of voice assistants and voice-enabled devices seems to just keep growing. “Hey Google, could you set an alarm for 8:00 AM tomorrow?” Their basic goal is to make our lives easier, right? Through voice assistants’ language processing abilities, they can complete all types of tasks – stream music, set an alarm, take…

SOC 2 Academy: Registering Internal and External Users

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.2 When a service organization undergoes a SOC 2 audit, auditors will validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.2 says, “Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity. For those users whose access is administered by the…

SOC 2 Academy: How to Perform a Thorough Inventory

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.1 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.1 says, “The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.” While we have discussed many points of focus that organizations…

SOC 2 Academy: Additional Points of Focus for Logical Access

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.1 While not requirements, points of focus are meant to serve as references to assist organizations when they are designing, implementing, operating, and evaluating controls over security, availability, confidentiality, processing integrity, and privacy. When it comes to implementing logical access controls, there are some additional points of focus that will help organizations ensure that their information security systems remain secure. Let’s take a look at how these additional…

Canada’s New Breach Notification Law: Preparation and Impact

Voice-Enabled Devices and Data Privacy: Lessons Learned from Amazon

SOC 2 Academy: Registering Internal and External Users

SOC 2 Academy: How to Perform a Thorough Inventory

SOC 2 Academy: Additional Points of Focus for Logical Access

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.