How to Scale Your Information Security Program as You Grow

by Sarah Harvey / June 15, 2023

It’s a great accomplishment for startups to meet compliance goals, like gaining SOC 2 attestation or becoming HITRUST CSF certified – but what happens after you receive your report? How do you continue to implement the lessons you learned and the controls you developed? What happens when a CISO or an IT director leaves the company? Will your information security program withstand your projected growth? These are all things to…

5 Project Management Tips for Information Security Audits

by Sarah Harvey / June 13, 2023

When most people think of auditing, they automatically associate it with negative emotions such as stress or anxiety. At KirkpatrickPrice, we understand that undergoing an information security audit can be an overwhelming task for organizations, and we want to partner with you to ensure that we can alleviate as much of that stress as possible. However, while we have processes, personnel, and tools like our Online Audit Manager to help your…

Why Onsite Visits are the Smart Choice for Cloud Environments

by Joseph Kirkpatrick / June 15, 2023

The National Institute of Standards and Technology, NIST, defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.” Cloud computing is both a transformative and disruptive technology that provides an opportunity to rethink the way organizations fix problems that have been around for a…

What is an Independent Opinion in Auditing?

by Joseph Kirkpatrick / June 15, 2023

In order for an audit to comply with regulations, it must be conducted by an auditor with an independent opinion. What is an independent opinion? It’s an auditor’s unbiased, objective stance towards an organization which leads to an accurate, credible report on an organization’s security and compliance. Any type of information security audit needs to have an independent auditor, but especially in the case of a CPA performing SOC 1…

Why is Information Security So Important in Healthcare?

by Sarah Harvey / June 15, 2023

The goal of the healthcare industry has always been to provide quality patient care. To do so, healthcare organizations have invested in state-of-the-art technology and highly educated personnel, but there’s still one thing that many in the healthcare industry have failed to do: invest in robust information security management programs. In fact, almost on a daily basis, there’s headline after headline reporting new healthcare data breaches impacting the PHI of…