Preparing for Phase 2 HIPAA Audit Compliance

by Sarah Harvey / June 13, 2023

The OCR has just announced that the Phase 2 HIPAA Audits have officially begun. The OCR is currently gathering information to determine which covered entities and business associates will be included in the auditee pool. If you haven’t already prepared for Phase 2 HIPAA Compliance, knowing where to begin may seem a bit overwhelming. Understanding the background of the OCR’s supervision of HIPAA Compliance is a good place to start…

Ask the Auditor: PCI Requirements 5 and 6

by Sarah Harvey / June 13, 2023

As a PCI Qualified Security Assessor (QSA), we receive a lot of questions and concerns from clients who are just stepping into their first PCI assessment, particularly around PCI Requirements 5 and 6: maintaining a vulnerability management program. We recently sat down with one of our own QSAs, Steve McEnroe, QSA, CISA, to answer some of the major questions we commonly hear. Here are the highlights from the interview:…

Top 10 Scorecard Components for Call Monitoring

by Sarah Harvey / June 15, 2023

As a Chief Compliance Officer, call monitoring is a big part of managing compliance within your organization. It’s your responsibility to determine: Are your collectors compliant with federal and state laws? FDCPA? CFPB? Are they meeting contractual agreements with clients? An effective call monitoring program is essential to your overall compliance.

Call Monitoring Scorecard

One of the ways you should monitor your collector calls is by developing and using…

4 Phases of a Compliance Management System (CMS)

by Sarah Harvey / June 14, 2023

According to the CFPB, a “robust and effective compliance management system” is a critical component of the structure of an organization. Best practices define a Compliance Management System (CMS) as a set of interrelated or interacting elements that organizations use to direct and control how compliance policies are implemented and compliance objectives are achieved. Since the CMS is essentially the foundation of your organization, let’s start from the bottom and…

5 Topics to Include in Your Security Awareness Training Program

by Sarah Harvey / June 14, 2023

Regularly training your employees is a critical component of compliance and security in your organization. The risk of an employee not understanding the potential security threats facing them as a frontline target could be just the opening that an attacker needs to create a security breach. You are only as strong as your weakest link, so implementing a regular security awareness training program is crucial to ensure that you’re doing…