HITRUST Update: What’s New in HITRUST CSF v9

by Sarah Harvey / December 19, 2022

HITRUST released the HITRUST CSF v9 as more and more organizations look to the CSF as a way to ensure security and compliance with relevant laws. This new release displays HITRUST’s continuing “evolution of the HITRUST CSF in providing organizations with a comprehensive, common approach to managing information privacy and security risks, including cyber.” In an effort to ease the burden of overwhelming compliance demands with all of the requirements…

Understanding Your SOC 1 Audit Report: What is an Assertion?

by Joseph Kirkpatrick / February 7, 2023

What is an Assertion? One of the things that management must provide to the auditor as part of a SOC 1 engagement is an assertion. What does that mean? What is an assertion? In our everyday life, an assertion is a confident statement of fact or belief. In the world of auditing, assertions are still confident statements of fact or belief, but with a twist. Assertions are claims made by…

KRACK Security Flaw: What We Need to Know

by Sarah Harvey / December 19, 2022

Last month, researchers discovered a new weakness in the WPA2 protocol (Wi-Fi Protected Access 2), the security method that protects all modern Wi-Fi networks. The weakness is known as the KRACK security flaw. Although there is no evidence at this time that the KRACK vulnerability was maliciously exploited, this still raises many concerns for both personal and enterprise wireless devices. What is the KRACK Security Flaw? The KRACK security flaw, which stands…

Why You Need to Document Your Policies and Procedures

by Sarah Harvey / February 7, 2023

Critical Documentation: You hear us repeat it over and over again: if it’s not written down, it’s not happening. Documentation is a critical component of any organization. Policies and procedures are vital to your business operability, business continuity, consistency within your organization, training new employees, controlling risk, meeting regulatory compliance requirements, meeting client requirements, and so much more. Policies and procedures demonstrate how you conduct your business. What is a…

Why an Information Security Program Is Important

by Sarah Harvey / June 15, 2023

Regardless of the size of your business or the industry you’re in, an information security program is a critical component of any organization. A good information security program consists of a comprehensive set of information security policies and procedures, which is the cornerstone of any security initiative in your organization. Whether you’re responsible for protected health information (PHI), personally identifiable information (PII), or any other proprietary information, having a fully…