Understanding Your SOC 1 Report: What is a SOC 1 Report?

by Joseph Kirkpatrick / February 22, 2023

What is a SOC 1 Report? Has a prospect recently asked if your organization has a SOC 1 report? Has a top client requested that you begin completing annual SOC 1 audits? Meanwhile, you're just wondering: what is a SOC 1 report? If your service organization affects user organizations' financial reporting, a SOC 1 would apply to you. SOC 1 engagements are based on the SSAE 18 standard developed by…

How Does the HIPAA Privacy Rule Affect Your Practice?

by Sarah Harvey / December 15, 2022

Many business associates and covered entities are already overwhelmed with responsibilities, so it can be a struggle to find the staff and resources to dedicate to managing strict regulatory demands. In our highly data-driven world, ensuring the privacy of customer data, specifically protected health information (PHI) and patient data, is becoming a top priority of organizations worldwide. In the world of healthcare, the HIPAA Privacy Rule exists to aid business…

Top Cybersecurity Trends for 2018

by Sarah Harvey / June 14, 2023

It’s the beginning of a new year, and everyone wants to know what cybersecurity trends to look out for in 2018. 2017 left a lot of destruction in its wake from cybersecurity attacks and high-profile breaches. And while we can’t say with certainty what is to come, we’ve compiled a few cybersecurity predictions based on what we do know. Here are five of the top cybersecurity trends for 2018:

Five Cybersecurity…

Understanding Your SOC 1 Report: How Does Sampling Work?

by Joseph Kirkpatrick / December 20, 2022

Sampling During a SOC 1 Audit

When an auditor performs a test of control during a SOC 1 audit, it may be appropriate to apply sampling. Sampling is applying audit procedures to less than 100% of a population. The types of populations that could need to be tested include new hire training forms, employee acknowledgements of policies and procedures, antivirus reports, or access control logs. The PCAOB states that sampling…

PCI Requirement 9.10 – Ensure Policies and Procedures for Restricting Physical Access to Cardholder Data are Documented, In Use, and Known to All Affected Parties

by Randy Bartels / December 20, 2022

Implementing PCI Requirement 9.10

PCI Requirement 9 states, “Restrict physical access to cardholder data.” Complying with PCI Requirement 9 is critical to ensuring that cardholder data is physically accessed only by authorized personnel. For this requirement, we’ve discussed aspects of physical security such as facility entry controls, visitor identification and access controls, how to physically secure media, controlling the distribution of media, how to destroy media, and more. But,…