15 Information Security Policies Every Business Should Have

by Tori Thurmond / February 6, 2024

When a business suffers a data breach or any other information security failure, it’s best practice to launch a root-cause investigation. We want to know what happened, how it happened, and how it could have been prevented. Whatever the ultimate conclusion of the investigation, among the causes, you will usually find either: Inadequate information security policies A failure to properly implement existing information security policies Information security policies are how…

Understanding the 3 FISMA Compliance Levels: Low, Moderate, and High

by Tori Thurmond / January 31, 2024

What is FISMA? The Federal Information Security Management Act (FISMA) is a piece of United States legislation, enacted as part of the Electronic Government Act of 2002. FISMA’s intent is to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. FISMA is the law; NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations, is the standard that…

Why Should Your Employees Sign a Policy Acknowledgment Form?

by Tori Thurmond / January 17, 2024

What does it mean for your employees to acknowledge your employee policies and procedures? To comply with information security standards, it’s required that all employees have expressed acknowledgment of the policies in place within your organization, specifically through a policy acknowledgment form for things like your information security policies and employee handbook. Having policy acknowledgment forms is an important piece of the puzzle when it comes to policy development and…

The Ultimate Vendor Due Diligence Checklist

by Hannah Grace Holladay / February 14, 2024

Vetting and choosing vendors are some of the most important decisions you’ll make for your business, especially when it comes to information security. They could do everything from run your call center to store your data, monitor your systems, or destroy your records. Yes, you can outsource a process or a department to vendors – but you can never outsource risk. No matter the vendor, they pose some level of…

5 Internal Control Components using COSO Principles

by Joseph Kirkpatrick / January 15, 2024

Implementing Internal Controls for SOC 1 Compliance When an organization pursues SOC 1 compliance, they’ll be tested against the COSO Internal Control – Integrated Framework. This framework is one of the most common frameworks used to design, implement, maintain, and evaluate internal controls. For an organization to successfully complete a SOC 1 audit, they’ll need to meet the three objectives of internal control, demonstrate that they have the five components…