5 Things the Grinch Teaches us about Information Security

by Sarah Harvey / February 7, 2023

With the holiday season always comes a rise in cyber crime and data theft. With that in mind, it’s a perfect time to remind ourselves of important information security tips to keep us safe and secure this holiday. So don’t let the Grinch ruin your holiday. Here are 5 things the Grinch can teach us about information security: 1. Beware of Social Engineering “With this coat and this hat I…

Building Trust in your Brand: Stoneleigh Recovery Associates’ Commitment to Compliance through SOC Audits

by Sarah Harvey / December 19, 2022

Stoneleigh Recovery Associates, a third-party debt collection company, continues to show their commitment to compliance and their brand by the recent completion of their SOC 1 Type II and SOC 2 Type II audits. Headquartered in Lombard Illinois, Stoneleigh has been in business since 2007 and has been receiving third-party audits on their compliance since 2010. Understanding the importance of compliance as a critical business function has given Stoneleigh a…

Understanding the Audit Types for Debt Collectors and Collection Agencies

by Sarah Harvey / June 14, 2023

How SOC 1, SOC 2, PCI and FISMA Apply to Debt Collection If you’re performing collections, you’re no stranger to regulatory compliance and the proactive supervision of government agencies such as the Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB), and the Office for Civil Rights (OCR). It’s also critical to consider how you’re protecting consumer data and understand what information security audits are available and will best fit…

Mastering the PCI Audit Process Utilizing the Online Audit Manager Approach

by Sarah Harvey / February 5, 2024

It’s no secret that the PCI Data Security Standard is one of the most robust information security standards that exists. With approximately 400 controls, understanding all of the ins and outs of the standard can cause quite the headache without the proper resources and expertise. When selecting a third party Qualified Security Assessor (QSA) to perform your PCI audit, we recommend choosing an auditor that can help with readiness as…

SAS 70 Auditing Standard vs. SSAE 16 Report: What’s the Difference?

by Sarah Harvey / December 19, 2022

What’s the purpose of an SSAE 16 audit and should I pursue one? If you’re new to the world of information security audits, check out this comprehensive guide on the history of SSAE 16, why it replaced the SAS 70, and how becoming SSAE 16 compliant could benefit your business. Outsourcing critical business functions, such as IT or HR, is a common practice among many businesses, today. While outsourcing is…