Why Would a Healthcare Organization Need a SOC 2?

by Sarah Harvey / June 14, 2023

No one wants to work with an at-risk healthcare provider. If someone is looking to use your services, they want to know how secure your healthcare organization actually is. You may think that you have a secure healthcare organization, but does an auditor? With more and more healthcare security breaches being reported to the HHS, it’s more important than ever for covered entities and business associates to demonstrate their commitment…

HITRUST® Across Industries: Where the HITRUST CSF® v9.2 is Headed

by Sarah Harvey / December 16, 2022

Today, HITRUST released the much-anticipated HITRUST CSF v9.2. The changes reflect HITRUST’s effort to leverage international standards and expand adoption into new industries, such as financial services, travel and hospitality, media and entertainment, telecommunications, and startups. Changes in HITRUST CSF v9.2 The two major changes in the HITRUST CSF v9.2 surround its shift to an agnostic framework and the incorporation of international regulatory requirements. The HITRUST CSF v9.2 extracts healthcare-specific…

How Can a SOC 2 Bring Value to MSPs?

by Sarah Harvey / June 14, 2023

As vendors, managed service providers (MSP) are sought out to help entities create and maintain a strong security posture – they shouldn’t bring more risk into their clients’ environments. When organizations engage with MSPs, they want to know how secure their organization really is and will often ask that the MSP undergo a SOC 2 audit before engaging with their services. So, while you may think that your services are…

SOC 2 Academy: Implementing Internal Controls

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.1 When an organization undergoes a SOC 2 audit, auditors need to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 5.1 says, “The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.” What will an auditor look for when assessing this criterion? What do organizations…

SOC 2 Academy: Internal Control Deficiencies

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 4.2 When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 4.2 says, “The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.” What will…