Hackers vs. Consumers: 6 Best Practices for Safe Online Holiday Shopping

by Sarah Harvey / June 14, 2023

Best Practices for Safe Online Holiday Shopping

While businesses are gearing up for the busiest shopping season of the year and consumers are anxiously awaiting the best online deals, malicious hackers will be prepping to get their hands on valuables as well. This makes it increasingly important that consumers practice due diligence while shopping online. Clicking on random links, buying products from insecure websites, and inputting personally identifiable information where…

Risk Assessment Checklist – 5 Steps You Need to Know

by Sarah Harvey / April 12, 2023

What is a Risk Assessment?

A risk assessment is a process by which an organization analyzes vulnerabilities, potential threats, and risks to the organization's security posture and IT systems. Performing a risk assessment is a critical component of any Information Security program. Because it's mandated by several frameworks (SOC 1, SOC 2, PCI DSS, ISO 27001, HIPAA, FISMA), organizations wanting to comply with these frameworks must conduct risk assessments on…


SOC 2 Academy: A Board’s Independence from Management

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 1.2

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that it complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common Criteria 1.2 states, "The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control." Let's take a look at how boards of directors can demonstrate independence from…

SOC 2 Academy: How Does an Auditor Test for Integrity?

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 1.1

When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that the organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common Criteria 1.1 states, "The entity demonstrates a commitment to integrity and ethical values." So, what does an organization need to do to demonstrate this? How will the auditor test for integrity? Let's discuss. Tone…

FERPA FAQ – What You Need to Know About FERPA Compliance

by Sarah Harvey / December 16, 2022

Does your organization process, store, transmit, or use educational records? Are you responsible for ensuring that student information remains secure? FERPA is one of the most significant federal regulations in the education sector, aimed at protecting the privacy of students and their parents. Undergoing a FERPA audit is one way that educational institutions can identify and mitigate any vulnerabilities in their security infrastructure and confirm they are doing what is needed…