What is a SOC 1 Audit and Why Do I Need One?

by Joseph Kirkpatrick / February 7, 2023

Have you had a client tell your organization that it needs to have a SOC 1 audit performed? If your immediate reaction was, "What is a SOC 1?", that's completely normal. You're in the right place! Have you ever had your boss ask you "What is a SOC 1 audit?" and need a project timeline as soon as possible? You're also in the right place! Have you seen competitors announce…

Episode 6 – Understanding HITRUST – Top 5 HITRUST FAQs

by Joseph Kirkpatrick / February 7, 2023

As many organizations are new to the HITRUST CSF, we receive a lot of questions regarding HITRUST CSF compliance. Certified HITRUST CSF Practitioner, Jessie Skibbe, has presented to us the top five frequently asked questions about HITRUST. Here are her answers:

Top 5 Frequently Asked Questions about HITRUST: I was just told that I need to be HITRUST certified by December 31, 2017. What should I do? First, don’t panic,…

Episode 5 – 5 Things You Need to Get Started with HITRUST Compliance

by Joseph Kirkpatrick / February 7, 2023

HITRUST is becoming a buzzword around the healthcare industry. Many business associates are being asked by clients to obtain HITRUST CSF certification. Many business associates are looking for a way to demonstrate compliance with HIPAA laws and maintain a competitive advantage in the industry. If you are brand new to HITRUST CSF and aren’t quite sure where to start, take a look at these five things your organization should do…

PCI Requirement 5.4 – Ensure Security Policies and Procedures are Known to all Affected Parties

by Randy Bartels / February 7, 2023

PCI Requirement 5 states, “Protect all systems against malware and regularly update anti-virus software or programs.” For this requirement, we’ve discussed the 5 sub-requirements and topics such as anti-virus solutions, malware protection, commonly affected systems, and the evolving threat landscape. Meeting PCI Requirement 5 will protect your organization from being infected by malware attacks. But, as we’ve learned, it’s not enough just to learn and talk about these things. All…

PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered

by Randy Bartels / February 7, 2023

Now that there is an anti-virus solution installed and running in your environment, we need to keep it that way. PCI Requirement 5.3 states, “Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.” There may be situations when you need to disable the anti-virus mechanism for a very short period…