Introduction to PCI Requirement 2

by Randy Bartels / April 12, 2023

What is PCI Requirement 2? PCI Requirement 2 mandates, “Do not use vendor-supplied defaults for system passwords and other security parameters.” Were you aware that vendor-supplied default passwords and settings are well-known among the hacker community? PCI Requirement 2 was created to fight the malicious individuals who try to compromise systems with the vendor-supplied default information. PCI Requirement 2 focuses on hardening your organization’s systems and assets. We’re here to…

What are HIPAA Physical Safeguards?

by Sarah Harvey / December 22, 2022

The HIPAA Security Rule requires that business associates and covered entities have physical safeguards and controls in place to protect electronic Protected Health Information (ePHI). These safeguards provide a set of rules and guidelines that focus solely on the physical access to ePHI. [Video: Stephanie Rodrigue discusses the HIPAA Physical Safeguards] What are Physical Safeguards? According to the Security Rule, physical safeguards are, “physical measures, policies, and procedures to protect a…

What Is The SOC 2 Security Principle?

by Sarah Harvey / December 22, 2022

History of the SOC 2 Trust Services Principles: The Service Organization Control 2 (SOC 2) Report focuses on non-financial controls at an organization as they relate to security, availability, processing integrity, confidentiality, and privacy. These are also known as the Trust Services Principles. In 2014, the SOC 2 Trust Services Principles were updated, and one of the major changes was to the SOC 2 security principle. This change to the…

What Are HIPAA Administrative Safeguards to Protect ePHI?

by Sarah Harvey / December 19, 2022

One of the HIPAA Security Rule requirements is that covered entities and business associates have administrative controls in place. Once you have completed your HIPAA risk analysis, you should have a good idea of what administrative controls are appropriate for your organization to protect ePHI. Having administrative safeguards in place is important for both the prevention and mitigation of a data breach. [Video: Stephanie Rodrigue discusses HIPAA Administrative Safeguards] What are…

The HIPAA Risk Analysis

by Sarah Harvey / December 19, 2022

The HIPAA risk analysis is the starting point for any HIPAA audit, and the most important component for achieving and maintaining HIPAA compliance. If risk analysis is such a critical part of HIPAA compliance, why is it the number one finding by the Office for Civil Rights (OCR)? Unfortunately, this means that a lot of business associates and covered entities, who are required to comply with HIPAA laws, just aren’t…