Payment Card Assessments | PCI DSS v4.0
By:
MATT CRANE
September 21st, 2023
In June 2023, the Payment Card Industry Security Standards Council (PCI SSC) released a new worksheet entitled “Items Noted for Improvement” (INFI)—while the Council encourages use of this worksheet for assessments based on earlier versions of PCI DSS, organizations undergoing a PCI DSS v4.0 assessment are required to use it.
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
September 19th, 2023
Though considered somewhat abbreviated in comparison to HITRUST’s other certification options, the HITRUST e1 Certification still represents a potentially beneficial path, particularly for those organizations that have already established their compliance programs.
HITRUST | Healthcare Assessments
By:
RYAN MEEHAN
September 14th, 2023
Service providers—e.g., SaaS, IaaS, PaaS—are currently seeing significant growth in the healthcare vertical, where they’re classified as “business associates” to the healthcare providers, insurers, and clearinghouses that are collectively referred to as “covered entities.” (Note that subcontractors to business associates are also classified as business associates.)
Payment Card Assessments | Penetration Testing | PCI DSS v4.0
By:
Schellman
September 12th, 2023
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholder data. One of the key (and almost always applicable) requirements of PCI DSS is that organizations must perform internal and external penetration testing for the entire scoped environment—this not only applies to systems that store, process, or transmit cardholder data, but also those that can impact the security of cardholder data.
HITRUST | Healthcare Assessments
By:
Kevin Keane
September 7th, 2023
In American history, the Westward Expansion is an important theme of our 19th century. What began with 13 colonies that fought for American independence eventually—after many years—grew to include more places that held more people and different opportunities.
By:
Molly Rudar
September 5th, 2023
Though the timeline of a completed report varies greatly based on numerous factors within your organization, a SOC 1 examination generally always moves through the same three phases of planning and preparation, fieldwork, and reporting stages.
HIPAA | Healthcare Assessments
By:
Schellman
August 31st, 2023
If you’ve ever owned a home in a neighborhood that has a homeowners association, you likely know that you have to pay those fees to avoid a lien being placed on your property, which could complicate your life in annoying ways. But on the flip side, paying those fees should mean you also reap the benefits like landscaping, community pool management, security, or maintenance.
Cybersecurity Assessments | Federal Assessments | NIST CSF
By:
Kate Weber
August 29th, 2023
With the new SEC Cybersecurity Disclosure Rule requiring both the reporting of material cybersecurity events and the disclosure of cybersecurity programs for public companies, those affected are taking a closer look at cybersecurity frameworks that—while previously considered optional or “nice to have”—could help their organization meet the new regulatory requirements.