SOC 2 vs. ISO 27001: Which Audit Do You Need?

by Sarah Harvey / June 14, 2023

SOC 2 and ISO 27001 audits are similar in intention; they both help organizations protect the data that they are responsible for. How are they different, though, and which one meets your organization’s needs? What is a SOC 2 Audit? A SOC 2 audit evaluates internal controls, policies, and procedures that directly relate to the AICPA’s Trust Services Criteria. This means that a SOC 2 audit report focuses on a…

Privacy vs. Security: What’s the Difference?

by Sarah Harvey / February 20, 2023

Privacy and security are terms that are often believed to be synonymous, but they’re actually quite different. Understanding what that difference is plays a key role in ensuring that your organization maintains a strong security posture, while also performing your due diligence to protect your customers’ sensitive data. In this webinar, our Director of Regulatory Compliance, Mark Hinely, discusses the differences between privacy and security, why understanding the difference matters,…

The Dangers of End-of-Support Operating Systems

by Sarah Harvey / June 14, 2023

Computer hardware and software is not built to last forever. End-of-support operating systems are one of the most common vulnerabilities discovered on enterprise networks. Why? Typically, it’s for one of two reasons. First, the organization could just lack a refresh of technology. But, end-of-support vulnerabilities could also occur because organizations need legacy software that will only function on an older operating system. Here's some end of support guidance for common…

Why Would Someone Want to Compromise Medical Data?

by Sarah Harvey / December 16, 2022

Imagine if you could search someone’s name on Google, and their full span of medical data and complete medical history was available. An employer could do it, a potential date could do it, an estranged family member could do it – how scary would that be? There’s debate about how much the average piece of medical data is worth, but trust us, it adds up. The many facets of the…

SOC 2 Academy: Dealing with External Threats

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.6 When a service organization undergoes a SOC 2 audit, auditors will verify whether they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.6 says, “The entity implements logical access security measures to protect against threats from sources outside its system boundaries.” How can organizations be sure that they’re complying with this criterion? Let’s discuss. Dealing with External Threats During…