SOC 1 Compliance Checklist: Are You Prepared for a SOC 1 Audit?

by Sarah Harvey / April 12, 2023

What is a SOC 1 Audit? The SOC 1 audit is based on an attestation standard developed by the American Institute of Certified Public Accountants (AICPA) to be used in the auditing of third-party service organizations, whose services are relevant to their clients’ impact over financial reporting. A SOC 1 Type I report is an attestation of controls at a service organization at a specific point in time. It reports on…

4 Reasons to Pursue a SOC for Cybersecurity Report

by Sarah Harvey / January 25, 2023

What is SOC for Cybersecurity? Reputational damage, disruption of business operations, fines, litigation, and loss of business can all be consequences of a cybersecurity attack. Because of these consequences and the vast threat landscape, the AICPA saw a need in the industry that it could fill: a general use report that describes an organization’s cybersecurity risk management program and verifies the effectiveness of its controls. Thus, SOC for Cybersecurity was…

Horror Stories – Magecart’s Malicious Skimming Campaign

by Sarah Harvey / June 14, 2023

In September, British Airways announced that 380,000 transactions were compromised during a breach that took place between August 21 and September 5. Fortunately, no travel or passport details were compromised, but payment information was obtained through digital skimming of the airline’s website and app. The UK’s National Crime Agency, National Cybersecurity Centre, and Information Commissioner’s Office are investigating this incident. This breach is being linked to Magecart, a threat group that…

5 Ways Business Associates and Covered Entities Can Prepare for HIPAA Compliance

by Sarah Harvey / December 21, 2023

In an industry that is based on customer trust, the healthcare industry must take the appropriate measures to ensure HIPAA compliance. The integrity of the industry relies on keeping Protected Health Information (PHI) just that: protected. HIPAA non-compliance means more than just organizational, financial, and reputational implications for healthcare organizations, it could be life-threatening to patients. And with more and more healthcare security breaches being reported to the HHS, it’s…

HIPAA Compliance Checklist: Security, Privacy, and Breach Notification Rules

by Sarah Harvey / January 25, 2023

HIPAA sets a national standard for the protection of consumers’ PHI and ePHI by mandating risk management best practices and physical, administrative, and technical safeguards. HIPAA was established to provide greater transparency for individuals whose information may be at risk, and the OCR enforces compliance with the HIPAA Security, Privacy, and Breach Notification Rules. The goal of the Security Rule is to create security for ePHI by ensuring the confidentiality,…