By:
Kathryn Young
May 19th, 2025
In a world where data privacy laws and regulations are rapidly changing, the new ISO 27701:2024 standard has finally arrived and is bringing fresh challenges – and opportunities – for businesses trying to navigate privacy compliance. ISO 27701 is one of several internationally recognized standards in the ISO 27000 family that contain requirements and guidance for information security and privacy management.
Artificial Intelligence | ISO 42001
By:
Jerrad Bartczak
May 13th, 2025
As artificial intelligence continues to become increasingly integrated into regular business operations, the need for its responsible development and use also continues to grow. From bias and fairness to data privacy and security concerns, the risks associated with AI are driving governments around the world to introduce new and evolving legislation aimed at ensuring its ethical and safe deployment.
Compliance and Certification | ISO Certifications | SOC Examinations
By:
Lauren Edmonds
May 7th, 2025
Organizations complete mergers and acquisitions (M&A) all the time, be it for growth and expansion, to further synergize or diversify, or for other incentives. And as varied as your reason(s) may be for your latest realignment, there is one consistent impact M&A has no matter the driver—the effect on your ongoing compliance cycles. As such, you need to have a plan to properly adjust, especially since there are different paths you can take when accommodating such an organizational shift.
Cybersecurity Assessments | Payment Card Assessments | Compliance and Certification | Privacy Assessments | Federal Assessments | Crypto and Digital Trust | ISO Certifications | Healthcare Assessments | SOC Examinations
By:
Christian Underkoffler
April 30th, 2025
In today’s complex and constantly evolving regulatory environment, businesses face an ever-growing array of compliance requirements across multiple frameworks ranging from FedRAMP, PCI, ISO, GDPR, and HIPAA, to name a few. Navigating these compliance waters is increasingly challenging, particularly with regards to cybersecurity and data protection. However, there are measures you can take to significantly refine your compliance processes. In this article, we will explore how streamlining all of your compliance efforts with a single trusted provider can not only simplify your processes but also enhance your overall security posture.
Cybersecurity Assessments | Cloud Computing | SOC Examinations | SOC 2
By:
Nate Kocan
April 29th, 2025
As cloud services continue to expand globally, service providers are increasingly expected to demonstrate compliance with a variety of frameworks depending on where their customers operate. Two commonly requested assurance reports include the American Institute of Certified Public Accountants (AICPA) SOC 2 attestation report and the German Federal Office for Information Security (Bundesmat fur Sicherheit in der Informationstechnik, or “BSI”) Cloud Computing Compliance Criteria Catalogue (C5) attestation report.
By:
Chris Lippert
April 23rd, 2025
Microsoft recently released v11 of their Data Protection Requirements (DPR) for suppliers required to undergo an annual security and privacy assessment through Microsoft’s Supplier Security and Privacy Assurance (SSPA) program. Microsoft DPR v11 went into effect April 2025 and features a total of 67 requirements.
Payment Card Assessments | PCI DSS
By:
Will Sparks
April 22nd, 2025
Transport Layer Security (TLS) is a cryptographic protocol that encrypts data, authenticates connections, and protects the data in transmission. As time passes, new versions of TLS are released to strengthen defenses and maintain an advantage of the constantly evolving threat landscape. Understanding these updates is essential for anyone managing secure systems or handling sensitive data online.
Cybersecurity Assessments | Audit Readiness
By:
Natasha Camacho
April 17th, 2025
In cybersecurity, identifying and assessing vulnerable services is essential for effectively protecting an organization’s security stance. Two crucial elements that influence service security are protocols and ports.