What is a Risk Assessment? – Learn The 5 Steps to a Risk Assessment

by Joseph Kirkpatrick / April 12, 2023

What is the Purpose of a Risk Assessment?

Most information security frameworks require a formally documented, annual risk assessment. You will see this requirement over and over again in your pursuit of SOC 1, SOC 2, PCI DSS, HIPAA, or HITRUST CSF compliance. But what exactly is a risk assessment, and why is it so important to information security frameworks? Let's find out.

What is a Risk Assessment?

A risk…

GDPR Readiness: Are You a Data Controller or Data Processor?

by Sarah Harvey / July 12, 2023

GDPR Roles - Where Does Your Organization Start?

The most common questions we’re hearing related to GDPR have to do with roles: what role does my organization play? Are we a data controller or data processor? Joint controller? Controller-processor? Where should we start in our journey towards GDPR compliance? This can be a confusing aspect of compliance, but GDPR requirements depend on roles, so determining what role your organization…

How Can a SOC 2 Bring Value to Your SaaS?

by Sarah Harvey / June 14, 2023

No one wants to work with an at-risk SaaS provider. If someone is looking to use your services, they want to know how secure your SaaS solution actually is. You may think you have a secure SaaS solution, but does an auditor? Does a hacker? Let’s look at how a SOC 2 audit could bring value to your organization’s reputation, marketing initiatives, and competitive advantage. What is a SOC 2?…

HITRUST Update: HITRUST CSF v9.1 Release

by Sarah Harvey / December 20, 2022

HITRUST’s Continual Effort to Evolve

As more and more organizations look to the HITRUST CSF® as a way to ensure security and compliance, HITRUST continually updates the framework to incorporate evolving regulations and standards. What's new in HITRUST CSF v9.1, HITRUST's latest release? HITRUST CSF v9.1 includes changes based on community feedback as well as two major updates: support for GDPR and 23 NYCRR 500 requirements. The incorporation of…

Overdue on New PCI Penetration Testing Requirements? What You Need to Know About PCI Requirement 11.3.4.1

by Sarah Harvey / December 20, 2022

What are PCI Penetration Testing Requirements?

Nine new PCI DSS v3.2 requirements turned from best practices into requirements on February 1, 2018. One requirement in particular, PCI Requirement 11.3.4.1, outlines new PCI penetration testing requirements and caused confusion among many service providers. PCI Requirement 11.3.4.1 states: “If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes…