HITRUST® Across Industries: Where the HITRUST CSF® v9.2 is Headed

by Sarah Harvey / December 16, 2022

Today, HITRUST released the much-anticipated HITRUST CSF v9.2. The changes reflect HITRUST’s effort to leverage international standards and expand adoption into new industries, such as financial services, travel and hospitality, media and entertainment, telecommunications, and startups. Changes in HITRUST CSF v9.2: The two major changes in the HITRUST CSF v9.2 surround its shift to an agnostic framework and the incorporation of international regulatory requirements. The HITRUST CSF v9.2 extracts healthcare-specific…

How Can a SOC 2 Bring Value to MSPs?

by Sarah Harvey / June 14, 2023

As vendors, managed service providers (MSPs) are sought out to help entities create and maintain a strong security posture – they shouldn’t bring more risk into their clients’ environments. When organizations engage with MSPs, they want to know how secure their organization really is and will often ask that the MSP undergo a SOC 2 audit before engaging with their services. So, while you may think that your services are…

SOC 2 Academy: Implementing Internal Controls

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 5.1: When an organization undergoes a SOC 2 audit, auditors need to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 5.1 says, “The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.” What will an auditor look for when assessing this criterion? What do organizations…

SOC 2 Academy: Internal Control Deficiencies

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 4.2: When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 4.2 says, “The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.” What will…

SOC 2 Academy: Who is Monitoring Internal Controls?

by Joseph Kirkpatrick / December 16, 2022

Establishing methods of effective monitoring is a critical component of SOC 2 compliance. During a SOC 2 audit, an auditor will not only assess whether or not an organization is effectively monitoring their internal controls but also whether or not the proper person is monitoring those internal controls. Why is that? It comes down to the need for checks and balances, so let’s discuss. Monitoring Internal Controls: When deciding who…