Writing a Change Management Policy

by Sarah Harvey / December 16, 2022

Policies and procedures are nothing new in the world of information security. One of the best things you can do to secure your environment is to develop detailed policies to keep your employees educated on the proper security processes that need to be implemented within your organization. Writing a change management policy is just one step you can take to better secure your organizational and IT systems. Every organization focuses…

Combining SOC 1, SOC 2, and PCI Audits

by Sarah Harvey / June 13, 2023

An organization may choose a combined SOC 1, SOC 2, and PCI audit for many reasons. First, there are compliance requirements. A PCI audit may be mandatory but too narrow in scope to be useful to user entities, so a SOC 1 or SOC 2 is needed. Second, there are logistical reasons. If you have to go through all three audits, why not consolidate the effort into one process?…

Internal vs. Third-Party Audits: Why You Need to be Leveraging Both

by Sarah Harvey / February 20, 2023

Internal Audits vs. External Audits: Is an internal audit enough? Should you utilize both internal and external audits? This is an ongoing conversation in our arena. But at KirkpatrickPrice, we know that there is power in having both perspectives, especially when it comes to conquering your compliance goals. If you want to prove to your stakeholders that you’re willing to do everything you can to take control of the cyber…

Combining SOC 2 and HIPAA Audits

by Sarah Harvey / June 13, 2023

We get a lot of questions about SOC 2 and HIPAA audits. Should your company do both? Are you able to consolidate multiple audits into one project? KirkpatrickPrice has developed the Online Audit Manager to make it easier to combine multiple audits into one project. Let’s talk through why and how you would take on the project of a combined SOC 2 and HIPAA audit. What are SOC 2 and…

10 Ways to Conduct Patch Management

by Sarah Harvey / December 16, 2022

As with all software and technology, vulnerabilities are bound to be found and updates will need to be made. For this reason, organizations must have a patch management plan in place. But many entities that are just starting to create their information security management plan, or that lack the experience, personnel, or resources needed to execute patch management, are likely asking basic questions like: What is patch management?…