The Importance of a Culture of Compliance: CompuMail’s Insights

by Sarah Harvey / December 20, 2022

The Need for Security
CompuMail began pursuing comprehensive audits in 2009 to ensure efficient, compliant business operations and to maintain a strong multi-industry reputation. Since then, they’ve achieved many compliance goals and excelled to greater levels of assurance. In 2010, they achieved PCI and HIPAA compliance, and soon after, became compliant with FISMA, GLBA, and ISO 27002. Most recently, CompuMail completed further auditing and achieved SOC 1 and SOC 2…

HITRUST Update: HITRUST CSF v9.1 Release

by Sarah Harvey / December 20, 2022

HITRUST’s Continual Effort to Evolve
As more and more organizations look to the HITRUST CSF® as a way to ensure security and compliance, HITRUST continually updates the framework to incorporate evolving regulations and standards. What’s new in HITRUST CSF v9.1, HITRUST’s latest release? HITRUST CSF v9.1 includes changes based on community feedback as well as two major updates: support of GDPR and 23 NYCRR 500 requirements. The incorporation of…

Overdue on New PCI Penetration Testing Requirements? What You Need to Know About PCI Requirement 11.3.4.1

by Sarah Harvey / December 20, 2022

What are PCI Penetration Testing Requirements?
Nine new PCI DSS v3.2 requirements turned from best practices to requirements on February 1, 2018. One requirement in particular, PCI Requirement 11.3.4.1, outlines new PCI penetration testing requirements and caused confusion among many service providers. PCI Requirement 11.3.4.1 states: “If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes…

SOC 2 Reporting Update: 2017 Trust Services Criteria

by Sarah Harvey / December 20, 2022

SOC 2 Compliance: Reporting Changes
You may have recently noticed some changes in SOC 2 reporting, like the inclusion of an internal control framework and a change from “Trust Services Principles” to “Trust Services Criteria.” Why the changes? The AICPA’s Assurance Services Executive Committee (ASEC) recently issued a SOC 2 reporting update that includes a new set of 2017 Trust Services Criteria, which will provide integration with the 2013 COSO…

Top Cybersecurity Trends for 2018

by Sarah Harvey / June 14, 2023

It’s the beginning of a new year, and everyone wants to know what cybersecurity trends to look out for in 2018. 2017 left a lot of destruction in its wake from cybersecurity attacks and high-profile breaches. And while we can’t 100% say what is to come, we’ve compiled a few cybersecurity predictions based on what we do know. Here are five of the top cybersecurity trends for 2018: Five Cybersecurity…