Overdue on New PCI Penetration Testing Requirements? What You Need to Know About PCI Requirement 11.3.4.1

by Sarah Harvey / December 20, 2022

What are PCI Penetration Testing Requirements?
Nine new PCI DSS v3.2 requirements turned from best practices to requirements on February 1, 2018. One requirement in particular, PCI Requirement 11.3.4.1, outlines new PCI penetration testing requirements and caused confusion among many service providers. PCI Requirement 11.3.4.1 states: “If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes…

What Will Be in My SOC 2 Report?

by Maggie Austin / December 20, 2022

The Seven Components of a SOC 2 Report
You’ve partnered with a licensed CPA firm, you’ve properly scoped your environment, you’ve conducted a SOC 2 gap analysis, you’ve remedied any non-compliant findings, you’ve worked with your auditor, you’ve completed your SOC 2 audit and achieved SOC 2 compliance, and now you’re finally receiving your SOC 2 report. Congratulations! You may be wondering, what will be in my SOC 2 report?…

SOC 2 Reporting Update: 2017 Trust Services Criteria

by Sarah Harvey / December 20, 2022

SOC 2 Compliance: Reporting Changes
You may have recently noticed some changes in SOC 2 reporting, like the inclusion of an internal control framework and a change from “Trust Services Principles” to “Trust Services Criteria.” Why the changes? The AICPA’s Assurance Services Executive Committee (ASEC) recently issued a SOC 2 reporting update that includes a new set of 2017 Trust Services Criteria, which will provide integration with the 2013 COSO…

What is the Purpose of the SOC 2 Privacy Principle?

by Sarah Harvey / December 20, 2022

Why Choose the Privacy Principle?
Once you’ve determined you are ready to pursue a SOC 2 audit report, the first thing you have to decide is which of the five Trust Services Criteria you want to include in your SOC 2 audit report. Typically, service organizations that are concerned about the Privacy Principle are collecting, using, retaining, disclosing, and/or disposing of personal information to deliver their services. A classic…

Enforcement Trends: Lessons from the HIPAA Privacy Rule

by Sarah Harvey / December 20, 2022

Enforcement of the HIPAA Privacy Rule
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule. Enforcement trends are the most direct way that the OCR can tell us what or where they’re looking at. In the most recent enforcement results, the OCR reports that it has received over 171,161 complaints since the HIPAA Privacy Rule took effect in 2003. These complaints…