SOC Bridge Letter: Closing the Gap with Customer Timelines
Blog A SOC report’s covered period does not always coincide with your customers’ fiscal calendar. It might, for example, have an end date of October 31, which leads to a two-month gap with a customer’s fiscal year-end (December 31). To address this gap,...
Compliance vs Security
An organization must constantly be on guard against external network attacks, threats from its own staff and third-party vendors and even fatal flaws in their own technology that can place data and systems at risk. In order to address this constantly evolving...
NIST Penetration Testing
Blog When assessing the overall cybersecurity of an organization, it is important to do a thorough inspection of all systems and protocols in order to check for and target weaknesses or vulnerabilities. Equally critical is determining how well your company’s...
ISO 27001 vs. ISO 27002
Blog In the world of information security, two standards often come up: ISO 27001 and ISO 27002. But what exactly are they? ISO 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security...
ISO 27001 vs NIST Cybersecurity Framework
Blog Numerous laws and regulations worldwide require corporations to adopt them to secure their data. NIST CSF and ISO 27001 are two of the most prevalent in North America. While both frameworks intend to safeguard data and strengthen security, they do so...
ISO 27001 Certification Process Step-by-Step
Blog Increasingly, information security management is becoming a critical, top-priority issue for organizations of all sizes. Whether you serve a domestic or global customer base, protecting your ISMS infrastructure against both internal and external risk is...
HITRUST CSF Controls
Blog If your organization is in the healthcare industry, you focus extensively on valuable data. Whether you create it, store it, transmit or exchange it or simply access it, your systems must be secure in order to protect the confidentiality, privacy and...
HITRUST Self Assessment
International corporate entities, insurance firms, medical practices, hospitals, state and federal government agencies and other companies that operate in the healthcare sector are charged with the crucial responsibility of protecting, storing and transmitting patient...
Qualitative vs. Quantitative Risk Assessments in Cybersecurity
Blog Assessing the risks within your cybersecurity system is one of the key priorities to address when conducting an ISO 27001 project or a related audit. It can be accomplished using quantitative risk analysis, qualitative risk analysis, or a combination...
HITRUST Certification Requirements
The protection of patient data is of paramount importance to any company that operates in the healthcare sector. In order to streamline the complex process of complying with a wide range of security standards, representatives...