Information Security Management Series: Making Sense of the Regulatory Alphabet Soup

by Sarah Harvey / February 18th, 2015

Have you heard of SOC 1, SOC 2, HIPAA, PCI, FISMA, or ISO 27001/27002 frameworks but are unsure of what they entail? Have you been asked for verification of regulatory compliance but don’t know where to begin? This webinar will educate you on the basics of these frameworks so that you are better equipped to discuss your compliance goals with prospects and clients, and are also more informed on your organization’s compliance objectives.

What is the Regulatory Alphabet Soup?

In this webinar, you will learn about the following information security frameworks:

  • SOC 1: A SOC 1 engagement is an audit of the internal controls at a service organization that may be relevant to their client’s internal control over financial reporting (ICFR).
  • SOC 2: A SOC 2 report helps to address third-party risk concerns by evaluating internal controls, policies, and procedures that directly relate to the security, availability, confidentiality, processing integrity, and privacy of a system at a service organization.
  • HIPAA: A HIPAA audit reports on internal controls that protect valuable PHI and ePHI.
  • PCI DSS: If you are a merchant, service provider, or subservice provider who stores, processes, or transmits cardholder data, you are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). This audit focuses on the protection of credit card data and has approximately 394 controls categorized under six control objectives and 12 major subject areas.
  • FISMA: A FISMA audit is a thorough assessment of your information security practices as it relates to NIST requirements.
  • ISO 27001: This is the only internationally-accepted standard for information security governance and is being increasingly and widely adopted.

To learn more about regulatory compliance frameworks, download the full webinar. For more information about these frameworks and how KirkpatrickPrice can help you meet your compliance objectives, contact us today.