GDPR Compliance Best Practices for Today and Tomorrow

by Sarah Harvey / February 6, 2023

Ensuring that your organization is GDPR compliant is paramount if your call center collects, stores, processes, or transmits the personal data of EU data subjects. Because of this, we suggest following these GDPR best practices: Data Mapping: Organizations need to identify where their data is coming from and where it goes. A call center associate might collect a name, date of birth, and email address, but a payment collection associate…

How to Prepare for Phase 2 HIPAA Compliance Audits

by Sarah Harvey / February 7, 2023

The U.S. Department of Health and Human Services Office for Civil Rights announced on March 21, 2016 that Phase 2 of the HIPAA audits has officially begun. Now, more than a year later, 200 desk audits have occurred, but covered entities and business associates are still struggling to know what to focus on and in which areas they are lacking safeguards. In this webinar hosted by LockPath, Joseph Kirkpatrick shares his…

How to Accurately Define the Scope of an Information Security Assessment

by Sarah Harvey / December 19, 2022

In this session of Duo’s webinar series, A Comprehensive Security Roadmap for MSPs, Joseph Kirkpatrick presents best practices for defining and reducing the scope of an information security assessment. Scoping involves the identification of people, processes, and technologies that interact with, or could otherwise impact, the security of the information to be protected. Scoping is the first step for any assessment and also one of the most important elements of…

ISO 27001: Introduction

by KirkpatrickPrice / December 15, 2022

What is ISO 27001? ISO 27001 is the only information security standard that is recognized across the globe. ISO/IEC 27001 deals with information security management and its purpose is to provide requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The ISMS preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are…

Why am I Being Asked About SSAE 16, and What do I Need to Know to Talk Intelligently?

by Sarah Harvey / December 16, 2022

SOC 1 (formerly SSAE 16) is the most commonly used means of third-party attestation. Have you been asked about a SOC 1 audit? Are you interested in learning more about how you can ensure SOC 1 compliance? The following webinar provides an informative overview of the SOC 1 framework along with SOC 2, HIPAA, PCI, and FISMA. What Does a SOC 1 Audit Include? SOC 1 is an audit…