ISO 27001: Introduction

by KirkpatrickPrice / December 15, 2022

What is ISO 27001? ISO 27001 is the only information security standard that is recognized across the globe. ISO/IEC 27001 deals with information security management and its purpose is to provide requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The ISMS preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are…

PCI Readiness Series: What’s New in PCI DSS 3.2?

by KirkpatrickPrice / February 9, 2023

Changes You Should Know About in PCI DSS 3.2 In this webinar, our expert panelists will discuss the changes from PCI DSS 3.1 to PCI DSS 3.2, what they mean during a PCI assessment, what you can do to implement these changes, and how to minimize the impact of these changes. There are about 30 controls that we believe may had significant changes, and we try to cover as many…

Road to HIPAA Compliance: Privacy Rule – Privacy Notices and Consumer Complaints

by KirkpatrickPrice / December 19, 2022

What is the Privacy Rule? If you’ve been following along with our Road to HIPAA Compliance webinar series, congratulations - we’ve made it to the middle of the road! We are halfway to knowing all about HIPAA compliance. In this session, we’re covering the Privacy Rule, Notice of Privacy Practices, and handling consumer complaints.  The Privacy Rule exists so that patients know they have rights, and that those rights…

business people walking

PCI Readiness Series: PCI Requirement 9

by KirkpatrickPrice / December 19, 2022

PCI Requirement 9: Restrict Physical Access to Cardholder Data PCI Requirement 9 evaluates all aspects of physical security controls to cardholder data – updated devices, visitor badges, security cameras, etc. The PCI DSS states, "Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted."  There are ten sub-requirements…

A HITRUST CSF Audit Can Take the Guesswork out of HIPAA Compliance Assessments

by Sarah Harvey / June 14, 2023

Are you looking for a healthcare compliance audit solution?  Has someone asked your organization to demonstrate that you are HIPAA certified? Are you confused by what “HIPAA certified” even means? KirkpatrickPrice offers SOC 2 audits with a HITRUST CSF (common security framework) component designed to take the confusion and guesswork out of HIPAA compliance assessments. The difference between SOC 2 vs. HIPAA is that they are audits over two different…