Common Gaps in Vendor Compliance Management

by Sarah Harvey / June 13, 2023

Effective Vendor Risk Management An effective risk management strategy includes a strategic process for assessing and monitoring vendor compliance. Some vendors go to great lengths to secure their services and processes, but others may leave you with consequences to pay. Vendors need to prove what they are doing to reduce risk to you and your customers. You’re putting a great deal of control into the vendors' hands, so managing vendor…

What Is SOC Cyber Security?

by Sarah Harvey / June 14, 2023

The Age of Cybersecurity & Risk Management In today’s world, information systems are incredibly interconnected, but this comes with a price. Because most organizations conduct some portion of their business in cyberspace, they open themselves up to a new level of risk. Who they are, what they do, and what information they possess can make businesses targets for malicious attackers. A malicious cybersecurity attack can result in: Reputational damage Disruption…

Auditor Insights: Day-to-Day Operations of Internal Audit

by Joseph Kirkpatrick / June 13, 2023

Internal audit provides a level of monitoring which is generally not available when working with a third-party auditor. If you’re going on a long road trip, how likely are you to hop in the car and start driving? You’re not – most people will take the car to the shop for an oil change and overall inspection. If the road trip is the audit engagement, the practice of taking the…

Auditor Insights: Compliance from the Start

by Shannon Lane / October 11, 2023

Why Don’t Organizations Start with Compliance? At its core, business is a function of time, vision, service, and money. What do we provide? How do we intend to provide it? What takes precedence - the opportunity now or the infrastructure to support things tomorrow? How do we do what we do in a way that makes sense with the resources we have? I’ve found that compliance tends to be one…

Why an Information Security Program Is Important

by Sarah Harvey / June 15, 2023

Regardless of the size of your business or the industry you’re in, an information security program is a critical component of any organization. A good information security program consists of a comprehensive set of information security policies and procedures, which is the cornerstone to any security initiative in your organization. Whether you’re responsible for protected health information (PHI), personally identifiable information (PII), or any other proprietary information, having a fully…