What is GDPR Personal Data and Who is a GDPR Data Subject?

by Sarah Harvey / December 16, 2022

Two of the most frequent questions asked about GDPR, especially from non-EU-based organizations, are: What is GDPR personal data? Who is a GDPR data subject? If you’ve been asking these questions but can’t seem to find a clear answer, you are not alone. The answer to these questions can determine whether or not GDPR applies to your organization and to what extent it applies. Let's take a closer look at…

PCI DSS Update: Version 3.2.1 Released

by Sarah Harvey / December 16, 2022

On February 1, 2018, nine new PCI DSS requirements went into effect. Four months later, the PCI Security Standards Council (SSC) published a minor revision to the PCI DSS. PCI DSS v3.2.1 replaces v3.2 and addresses effective dates and Secure Socket Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. Though PCI DSS v3.2.1 does not introduce any new requirements, let’s discuss the minor revisions made, when they…

What’s the Difference Between SOC for Cybersecurity and SOC 2?

by Sarah Harvey / June 14, 2023

Newest Addition to the SOC Suite The AICPA recently added a new offering to its SOC suite: SOC for Cybersecurity. The difference between SOC 1, SOC 2, and SOC 3 has always been fairly clear-cut based on factors like internal control over financial reporting, the Trust Services Criteria, and restricted report use. Now, we have a new player in the game. What’s the Difference Between SOC for Cybersecurity and SOC…

Data Center Physical Security Recommendations with Auditor Insights

by Mike Wise / June 15, 2023

Why is Data Center Physical Security Important? As we see more and more headlines of breaches, the focus on intruders accessing critical data has been heightened. What is the goal of those intruders? To access critical data stored by organizations. This brings data centers into focus because the ultimate nexus of that critical data is in the data center. One of the top responsibility areas for data centers falls into…

What Is SOC Cyber Security?

by Sarah Harvey / June 14, 2023

The Age of Cybersecurity & Risk Management In today’s world, information systems are incredibly interconnected, but this comes with a price. Because most organizations conduct some portion of their business in cyberspace, they open themselves up to a new level of risk. Who they are, what they do, and what information they possess can make businesses targets for malicious attackers. A malicious cybersecurity attack can result in: Reputational damage Disruption…